Project

General

Profile

Actions

Bug #7271

closed

Content view Update allows any valid repository ids to be added

Added by Justin Sherrill over 9 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
API
Target version:
Difficulty:
medium
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1134057
Description of problem:

Currently PUT /api/v2/content_views/:id/ takes a lit of repository ids. These ids are not validated to be only Library ids. As a result a user can post anyt valid repo id (including repositories that are not in library.

Version-Release number of selected component (if applicable):

6.0.3

How reproducible:
Always

Steps to Reproduce:
1. Issue a PUT request to a content view: /api/v2/content_views/:id/ specifying ids for repositories in another org for example.

Alternatively you can use hammer to assign repos using their ids as well on the 'hammer content-view update' command.

Actual results:
Any repo can be added.

Expected results:
Repos that are not in Library within the same org should not be able to be added.

Additional info:

Actions #1

Updated by Justin Sherrill over 9 years ago

  • Status changed from New to Assigned
  • Target version set to 55
  • translation missing: en.field_release set to 13
  • Difficulty set to medium
  • Triaged changed from No to Yes
Actions #2

Updated by The Foreman Bot over 9 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/4615 added
  • Pull request deleted ()
Actions #3

Updated by Justin Sherrill over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF