Bug #16807
Closed
test mail button requires excessive privileges
Description
When trying the test mail button I believe I run into a missing ACL?
2016-10-05 13:40:44 [app] [I] Started PUT "/users/5-straylen/test_mail" for 188.184.65.139 at 2016-10-05 13:40:44 +0200
2016-10-05 13:40:44 [app] [I] Processing by UsersController#test_mail as */*
2016-10-05 13:40:44 [app] [I] Parameters: {"user_email"=>"steve.traylen@cern.ch", "id"=>"5-straylen"}
2016-10-05 13:40:44 [app] [I] Rendered common/403.html.erb (1.4ms)
2016-10-05 13:40:44 [app] [I] Filter chain halted as :authorize rendered or redirected
The button works as admin.
Comment from IRC:
The button requires that the user has either create or edit_users, which is clearly unnecessary.
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4595 added
Updated by Ohad Levy over 7 years ago
- Translation missing: en.field_release set to 240
Updated by Amir Fefer over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 25236783e8c59028e78652e15106d9c1e7ef6778.
Updated by Daniel Lobato Garcia over 7 years ago
- Translation missing: en.field_release changed from 240 to 266
Updated by Daniel Lobato Garcia over 7 years ago
- Has duplicate Bug #20410: Getting 403 forbidden error while setting the email preference or sending the test email with a normal user with viewer access added
Updated by Tomer Brisker over 7 years ago
- Assignee changed from Steve Traylen to Amir Fefer