Project

General

Profile

Actions

Bug #16633

closed

Auth source controllers uses wrong permissions

Added by Daniel Lobato Garcia over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Non-admin users can only be assigned the 'view_authenticators' (or edit, etc...) permission.
However, the API and UI controllers do not take that into account, and use 'view_auth_source_ldaps' (and the rest).

The fix is simple, override `controller_permission` in the controllers to make sure users are checked against the right kind of permission.

Actions #1

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3872 added
Actions #2

Updated by Marek Hulán over 7 years ago

  • translation missing: en.field_release set to 189
Actions #3

Updated by Dominic Cleal over 7 years ago

Would 1.13.1 be better? It looks like a low risk, but useful bug fix, with test coverage etc.

Actions #4

Updated by Anonymous over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Marek Hulán over 7 years ago

  • translation missing: en.field_release changed from 189 to 190

Sounds good, moving.

Actions

Also available in: Atom PDF