Project

General

Profile

Bug #16807

test mail button requires excessive priviledges

Added by Steve Traylen about 2 years ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
E-Mail
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

When trying the the test mail button I believe I run into a missing ACL?

016-10-05 13:40:44 [app] [I] Started PUT "/users/5-straylen/test_mail" for 188.184.65.139 at 2016-10-05 13:40:44 +0200
2016-10-05 13:40:44 [app] [I] Processing by UsersController#test_mail as */*
2016-10-05 13:40:44 [app] [I] Parameters: {"user_email"=>"", "id"=>"5-straylen"}
2016-10-05 13:40:44 [app] [I] Rendered common/403.html.erb (1.4ms)
2016-10-05 13:40:44 [app] [I] Filter chain halted as :authorize rendered or redirected

the button works as admin.

Comment from IRC:

The button requires that the user has either create or edit_users, which is clearly unnecessary.


Related issues

Has duplicate Foreman - Bug #20410: Getting 403 forbidden error while setting the email preference or sending the test email with a normal user with viewer access Duplicate2017-07-26

Associated revisions

Revision 25236783 (diff)
Added by Amir Fefer over 1 year ago

Fixes #16807 - remove premission edit_users for test_mail

Revision 8fdca8b8 (diff)
Added by Amir Fefer over 1 year ago

Fixes #16807 - remove premission edit_users for test_mail

(cherry picked from commit 25236783e8c59028e78652e15106d9c1e7ef6778)

History

#1 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4595 added

#2 Updated by Ohad Levy over 1 year ago

  • Legacy Backlogs Release (now unused) set to 240

#3 Updated by Amir Fefer over 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Daniel Lobato Garcia over 1 year ago

  • Legacy Backlogs Release (now unused) changed from 240 to 266

#5 Updated by Daniel Lobato Garcia about 1 year ago

  • Has duplicate Bug #20410: Getting 403 forbidden error while setting the email preference or sending the test email with a normal user with viewer access added

#6 Updated by Tomer Brisker about 1 year ago

  • Assignee changed from Steve Traylen to Amir Fefer

Also available in: Atom PDF