Actions
Bug #20515
closedUser searching by login in code does not find the user because of missing unscoped
Status:
Closed
Priority:
Normal
Assignee:
Category:
Organizations and Locations
Target version:
Description
While reviewing PR improving roles registration from plugins I found and issue that basically disables roles creation from plugins. The condition return false if pending_migrations || Rails.env.test? || User.find_by_login(User::ANONYMOUS_ADMIN).nil?
is always false because the User can never be found if User.current is nil. The same issue seems to be in ldap sync function. I think this is a good candidate for 1.15.3 since the error was introduced by #16982
Updated by Marek Hulán about 7 years ago
- Related to Bug #16982: CVE-2016-7078 - User with no organizations or locations can see all resources added
Updated by The Foreman Bot about 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4723 added
Updated by Anonymous about 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset d3fd7441f2c442467fdbea2fa30718e02f193988.
Actions