Feature #1050

Foreman settings should not be viewed/edited by non admin users

Added by Ohad Levy about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authorization
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Related issues

Related to Foreman - Refactor #18440: Delete unused access_setting permission (Closed, 2017-02-09)

Associated revisions

Revision 1462d569 (diff)
Added by Ohad Levy about 8 years ago

fixes #1050 - Foreman settings should not be viewed/edited by non admin user

Revision 9d4999fe (diff)
Added by Ohad Levy about 8 years ago

refs #1050 removing model level authorization from settings table

this seems more trouble than it's worth, as settings needs to be
checked/updated every time foreman is starting.

this leads to potential issue when login is enabled, or the admin user is missing etc
which can simply break foreman with very little benefit to security.

History

#1 Updated by Ohad Levy about 8 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

#2 Updated by Marek Hulán over 2 years ago

  • Related to Refactor #18440: Delete unused access_setting permission added
