Bug #1582

Privacy leak in dashboard, statistics, facts and classes.

Added by Brian Gupta almost 11 years ago. Updated almost 11 years ago.

Users, Roles and Permissions
Target version:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:


Note that if using roles and user based domain filters, the dashboard still shows stats for hosts that the user isn't supposed to know about.

The same issue is present for stats, facts and classes.

Associated revisions

Revision caa5fcf0 (diff)
Added by Greg Sutcliffe almost 11 years ago

Fix privacy leaks in stats, facts, and dashboard - fixes #1582


#1 Updated by Greg Sutcliffe almost 11 years ago

  • % Done changed from 0 to 70

Ok, I've had a bash at it, and I think I've fixed all but the Classes. You can find the patch at and if you have time to test, I'd be grateful.

As for the Classes, I'm thinking that we might be able to build a db query about what classes are available to every host the user can edit. Could be tricky, but I'll see if I can take a look over the weekend.

#2 Updated by Greg Sutcliffe almost 11 years ago

Ok, pull request in ( It seems classes are already filtered by the environment the host is in, so I guess we need to:

a) Provide a way for an Admin to restrict what environments a user can select when editing a host.
b) Ensure that if the user can see the Puppet Classes page, that it only shows classes available to the environments configured in (a)

@bgupta, if you agree, I'll create a feature request for that and we can close this when 53 is merged....

#3 Updated by Greg Sutcliffe almost 11 years ago

  • Status changed from New to Closed
  • % Done changed from 70 to 100

Also available in: Atom PDF