Auth source controllers uses wrong permissions
Users, Roles and Permissions
Non-admin users can only be assigned the 'view_authenticators' (or edit, etc...) permission.
However, the API and UI controllers do not take that into account, and use 'view_auth_source_ldaps' (and the rest).
The fix is simple, override `controller_permission` in the controllers to make sure users are checked against the right kind of permission.
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3872 added
- translation missing: en.field_release set to 189
Would 1.13.1 be better? It looks like a low risk, but useful bug fix, with test coverage etc.
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- translation missing: en.field_release changed from 189 to 190
Also available in: Atom