Project

General

Profile

Actions

Bug #10550

closed

Settings API updates value even if value parameter isn't supplied

Added by Dominic Cleal over 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Settings
Target version:
Difficulty:
easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

When making a PUT to /api/v2/settings/name with an empty hash, the value is changed. Since #10402 this will change booleans to false, prior to that you might get an error about downcase!.

GET "/api/v2/settings/Parametrized_Classes_in_ENC" 
value is true

Now update:

2015-05-19 16:30:54 [I] Started PUT "/api/v2/settings/Parametrized_Classes_in_ENC" for 127.0.0.1 at 2015-05-19 16:30:54 +0100
2015-05-19 16:30:54 [I] Processing by Api::V2::SettingsController#update as JSON
2015-05-19 16:30:54 [I] Parameters: {"setting"=>{}, "apiv"=>"v2", "id"=>"Parametrized_Classes_in_ENC"}
2015-05-19 16:30:54 [D] (0.1ms) UPDATE "settings" SET "value" = '--- false
...
', "updated_at" = '2015-05-19 15:30:54.787404' WHERE "settings"."category" IN ('Setting::Puppet') AND "settings"."id" = 28

And the value has been changed to false.

https://github.com/theforeman/foreman/blob/1.8.0/app/controllers/api/v2/settings_controller.rb#L27 is updating the value without changing that params even contains a value.

Actions

Also available in: Atom PDF