Project

General

Profile

Actions

Feature #6854

closed

foreman api status is restricted for admin only

Added by Martin Ducar over 9 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
API
Target version:
Difficulty:
easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

Libraries for foreman api handling like https://pypi.python.org/pypi/python-foreman use /api/status url to determine which foreman version is installed, which in my opinion is quite good behaviour. But foreman requires admin rights to access such information, if you are trying to script this as normal user, this is not possible. I couldn't come up with any reasonable way why it should be restricted only to admin. Please elaborate, why is it the case or please fix it that this restriction in not present. Or that you can configure the rights. Thank you

Actions #1

Updated by Will Foster over 9 years ago

We've hit some situations where having /api/status improperly restricted to admin is causing some issues with general usage for non-admin users. Would love to see this fixed.

The file that maps permissions to URLs is app/services/foreman/access_permissions.rb and it just needs a new section.
You'd also need to add the permission name in db/seeds.d/03-permissions.rb.
I will take a stab at this when I find some time.

Actions #2

Updated by Dominic Cleal over 9 years ago

  • Difficulty set to easy
Actions #3

Updated by The Foreman Bot over 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2557 added
  • Pull request deleted ()
Actions #4

Updated by Ondřej Pražák over 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Dominic Cleal over 8 years ago

  • Assignee set to Ondřej Pražák
  • translation missing: en.field_release set to 72
Actions

Also available in: Atom PDF