Feature #1050: Foreman settings should not be viewed/edited by non admin users - Foreman

Actions

Copy link

Feature #1050

closed

Foreman settings should not be viewed/edited by non admin users

Added by Ohad Levy over 13 years ago. Updated over 13 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ohad Levy

Category:

Users, Roles and Permissions

Target version:

0.4

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes
Associated revisions

Added by Ohad Levy over 13 years ago

Revision 1462d569 (diff)

fixes #1050 - Foreman settings should not be viewed/edited by non admin user

Added by Ohad Levy over 13 years ago

Revision 9d4999fe (diff)

refs #1050 removing model level authorization from settings table

this seems more trouble than its worth, as settings needs to be
checked/updated every time foreman is starting.

this leads to potenitail issue when login is enabled, or the admin user is missing etc
which can simply break foreman with very little benefit to security.

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Feature #1050

Foreman settings should not be viewed/edited by non admin users

Updated by Ohad Levy over 13 years ago

Updated by Marek Hulán about 8 years ago

Added by Ohad Levy over 13 years ago

Added by Ohad Levy over 13 years ago