Project

General

Profile

Actions
Copy link

Bug #16633

closed

Auth source controllers uses wrong permissions

Added by Daniel Lobato Garcia about 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Users, Roles and Permissions
Target version:
1.13.1
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/3872
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Non-admin users can only be assigned the 'view_authenticators' (or edit, etc...) permission.
However, the API and UI controllers do not take that into account, and use 'view_auth_source_ldaps' (and the rest).

The fix is simple, override `controller_permission` in the controllers to make sure users are checked against the right kind of permission.

Actions
Copy link
 #1

Updated by The Foreman Bot about 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3872 added
Actions
Copy link
 #2

Updated by Marek Hulán about 7 years ago

  • translation missing: en.field_release set to 189
Actions
Copy link
 #3

Updated by Dominic Cleal about 7 years ago

Would 1.13.1 be better? It looks like a low risk, but useful bug fix, with test coverage etc.

Actions
Copy link
 #4

Updated by Anonymous about 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Marek Hulán about 7 years ago

  • translation missing: en.field_release changed from 189 to 190

Sounds good, moving.

Actions
Copy link

Also available in: Atom PDF