Project

General

Profile

Bug #18042

Host Compute Resource field does not honor view permissions

Added by Timo Goebel about 2 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Host creation
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

A user with limited view permissions for compute resources via scoped search can see eight compute resources + bare metal. The compute resources show page lists only three compute resources, which is the correct value.

Expected: The user would only see three compute resources in the select box when creating a new host.


Related issues

Related to Foreman - Feature #4477: Improve permissions on resources in host creation/editing formClosed2014-02-27

History

#2 Updated by Tomer Brisker about 2 years ago

  • Related to Feature #4477: Improve permissions on resources in host creation/editing form added

#3 Updated by Marek Hulán about 2 years ago

I'm not sure how this was supposed to work, it seems authorized call does not specify any permission https://github.com/theforeman/foreman/blob/develop/app/helpers/application_helper.rb#L458 to verify. Adding something like "view_#{...}" might help

Also available in: Atom PDF