audits no longer visible in 1.15 if user is not administrator
|Assigned To:||Daniel Lobato Garcia|
|Found in release:||1.15.0||Pull request:||https://github.com/theforeman/foreman/pull/4575|
|Velocity based estimate||-|
The audits list under Monitor => Audits is no longer visible in version 1.15 if the user hasn't the Administrator role. The assigned role has the view_audit_logs permission in resource Audit. The Audit list is just empty ("No entries found").
Fixes #19952 - Allow view_audit_logs to work
Every time the /audits page is visited by a non-admin user, it checks
whether the permission 'view_audit_logs' is for the Audit class. In
previous versions of 'audited', this was
Audited::Adapters::ActiveRecord::Audit, but right now it's simply
To test the change, visit the page with an user that just has the
'view_audit_logs' permission. Check how without updating the
authorizer.rb file, /audits will be empty.
#1 Updated by Daniel Lobato Garcia 3 months ago
I can reproduce with the current develop branch, so I assume something between 1.15 and 1.14 borked this. This sounds like a candidate for the next 1.15 patch release.
Note the permissions to show the page seem to work, it's just the content that doesn't load unless User.current == admin