Bug #14535
closed
/api/smart_class_parameters needs administrator permissions
Added by Sander Hoentjen over 8 years ago.
Updated over 6 years ago.
Category:
Users, Roles and Permissions
|
|
Description
It seems that since Foreman version 1.10 (at least 1.10.3) I need to give a user administrator permissions to access /api/smart_class_parameters
Is this by design?
I also can't seem to limit access to a specific search on "Lookup key" anymore, is this by design?
- Category set to Users, Roles and Permissions
- Status changed from New to Need more information
The *_external_variables permissions should give access to this API, please check you've assigned it to the user. If that doesn't work, please attach production.log during the access, with debugging and the permissions logger enabled: http://theforeman.org/manuals/1.10/index.html#7.2Debugging
Dominic Cleal wrote:
The *_external_variables permissions should give access to this API, please check you've assigned it to the user.
Yes, I have assigned those. With 1.9 I used search for that as well, so to be sure I removed and re-added the permissions but without any success.
2016-04-08 11:29:33 [app] [I] Started GET "/api/smart_class_parameters?search=key+%3D+some_key+and+puppetclass+%3D+some%3A%3Aclass" for 10.99.0.232 at 2016-04-08 11:29:33 +0200
2016-04-08 11:29:33 [app] [I] Processing by Api::V2::SmartClassParametersController#index as JSON
2016-04-08 11:29:33 [app] [I] Parameters: {"search"=>"key = some_key and puppetclass = some::class", "apiv"=>"v2", "smart_class_parameter"=>{}}
2016-04-08 11:29:33 [app] [I] Authorized user some_user(Some User)
2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission
2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission
2016-04-08 11:29:33 [app] [I] Rendered api/v2/smart_class_parameters/index.json.rabl within api/v2/layouts/index_layout (10.4ms)
2016-04-08 11:29:33 [permissions] [D] checking permission view_external_variables
2016-04-08 11:29:33 [permissions] [D]
2016-04-08 11:29:33 [permissions] [D] no filters found for given permission
- Related to Refactor #10832: Make LookupKey an STI for puppet and variable keys added
- Subject changed from /api/smart_class_parameters needs administrator permissions? to /api/smart_class_parameters needs administrator permissions
- Status changed from Need more information to New
The authorisation step is checking for a resource type that doesn't match what's stored in the seeded permissions, it's looking up: permissions.resource_type = 'PuppetclassLookupKey'. Prior to #10832, the resource type would always be LookupKey, but db/seeds.d/03-permissions.rb isn't updated with the new PuppetLookupKey/VariableLookupKey resource types.
- Related to Bug #14546: No ability to restrict *_external_variables with search anymore added
- Status changed from New to Ready For Testing
- Assignee set to Ori Rabin
- Pull request https://github.com/theforeman/foreman/pull/3530 added
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Translation missing: en.field_release set to 136
- Related to Bug #15321: Cannot save smart parameter bookmarks added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by