Project

General

Profile

Bug #14535

/api/smart_class_parameters needs administrator permissions

Added by Sander Hoentjen almost 5 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

It seems that since Foreman version 1.10 (at least 1.10.3) I need to give a user administrator permissions to access /api/smart_class_parameters
Is this by design?
I also can't seem to limit access to a specific search on "Lookup key" anymore, is this by design?


Related issues

Related to Foreman - Refactor #10832: Make LookupKey an STI for puppet and variable keysClosed2015-06-16
Related to Foreman - Bug #14546: No ability to restrict *_external_variables with search anymoreClosed2016-04-08
Related to Foreman - Bug #15321: Cannot save smart parameter bookmarksResolved2016-06-07

Associated revisions

Revision 3fe2ea3d (diff)
Added by Ori Rabin over 4 years ago

Fixes #14546 - ability to restrict *_external_variables
Fixes #14535 - corrects permissions for smart class parameters

History

#1 Updated by Dominic Cleal almost 5 years ago

  • Category set to Users, Roles and Permissions
  • Status changed from New to Need more information

The *_external_variables permissions should give access to this API, please check you've assigned it to the user. If that doesn't work, please attach production.log during the access, with debugging and the permissions logger enabled: http://theforeman.org/manuals/1.10/index.html#7.2Debugging

#2 Updated by Sander Hoentjen almost 5 years ago

Dominic Cleal wrote:

The *_external_variables permissions should give access to this API, please check you've assigned it to the user.

Yes, I have assigned those. With 1.9 I used search for that as well, so to be sure I removed and re-added the permissions but without any success.

2016-04-08 11:29:33 [app] [I] Started GET "/api/smart_class_parameters?search=key+%3D+some_key+and+puppetclass+%3D+some%3A%3Aclass" for 10.99.0.232 at 2016-04-08 11:29:33 +0200
2016-04-08 11:29:33 [app] [I] Processing by Api::V2::SmartClassParametersController#index as JSON
2016-04-08 11:29:33 [app] [I] Parameters: {"search"=>"key = some_key and puppetclass = some::class", "apiv"=>"v2", "smart_class_parameter"=>{}}
2016-04-08 11:29:33 [app] [I] Authorized user some_user(Some User)

2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission
2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission
2016-04-08 11:29:33 [app] [I] Rendered api/v2/smart_class_parameters/index.json.rabl within api/v2/layouts/index_layout (10.4ms)
2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission

#3 Updated by Dominic Cleal almost 5 years ago

  • Related to Refactor #10832: Make LookupKey an STI for puppet and variable keys added

#4 Updated by Dominic Cleal almost 5 years ago

  • Subject changed from /api/smart_class_parameters needs administrator permissions? to /api/smart_class_parameters needs administrator permissions
  • Status changed from Need more information to New

The authorisation step is checking for a resource type that doesn't match what's stored in the seeded permissions, it's looking up: permissions.resource_type = 'PuppetclassLookupKey'. Prior to #10832, the resource type would always be LookupKey, but db/seeds.d/03-permissions.rb isn't updated with the new PuppetLookupKey/VariableLookupKey resource types.

#5 Updated by Dominic Cleal almost 5 years ago

  • Related to Bug #14546: No ability to restrict *_external_variables with search anymore added

#6 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ori Rabin
  • Pull request https://github.com/theforeman/foreman/pull/3530 added

#7 Updated by Ori Rabin over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) set to 136

#9 Updated by Tomer Brisker about 4 years ago

  • Related to Bug #15321: Cannot save smart parameter bookmarks added

Also available in: Atom PDF