Bug #16633
Auth source controllers uses wrong permissions
Description
Non-admin users can only be assigned the 'view_authenticators' (or edit, etc...) permission.
However, the API and UI controllers do not take that into account, and use 'view_auth_source_ldaps' (and the rest).
The fix is simple, override `controller_permission` in the controllers to make sure users are checked against the right kind of permission.
Associated revisions
Fixes #16633 - AuthSourceLDAP uses *_authenticators filters
Prior to this, non-admin users who were granted *_authenticators
permissions were not able to use them, as the controllers were looking
for *_auth_source_ldaps permissions instead.
(cherry picked from commit 8cc04d55c2cbe27a5c5fbb74254102f9d9658149)
History
#1
Updated by The Foreman Bot over 4 years ago
Updated by - Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3872 added
#2
Updated by Marek Hulán over 4 years ago
Updated by - Legacy Backlogs Release (now unused) set to 189
#3
Updated by Dominic Cleal over 4 years ago
Updated by Would 1.13.1 be better? It looks like a low risk, but useful bug fix, with test coverage etc.
#4
Updated by Anonymous over 4 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 8cc04d55c2cbe27a5c5fbb74254102f9d9658149.
#5
Updated by Marek Hulán over 4 years ago
- Legacy Backlogs Release (now unused) changed from 189 to 190
Sounds good, moving.
Fixes #16633 - AuthSourceLDAP uses *_authenticators filters
Prior to this, non-admin users who were granted *_authenticators
permissions were not able to use them, as the controllers were looking
for *_auth_source_ldaps permissions instead.