Project

General

Profile

Actions
Copy link

Bug #20515

closed

User searching by login in code does not find the user because of missing unscoped

Added by Marek Hulán over 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Marek Hulán
Category:
Organizations and Locations
Target version:
1.15.3
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/4723
Fixed in Releases:
Found in Releases:
Nightly
Red Hat JIRA:

Description

While reviewing PR improving roles registration from plugins I found and issue that basically disables roles creation from plugins. The condition return false if pending_migrations || Rails.env.test? || User.find_by_login(User::ANONYMOUS_ADMIN).nil? is always false because the User can never be found if User.current is nil. The same issue seems to be in ldap sync function. I think this is a good candidate for 1.15.3 since the error was introduced by #16982

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resourcesClosedDaniel Lobato Garcia10/18/2016Actions
Actions
Copy link
 #1

Updated by Marek Hulán over 7 years ago

  • Related to Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added
Actions
Copy link
 #2

Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4723 added
Actions
Copy link
 #3

Updated by Anonymous over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF