
Bug #2198

Unable to install new hosts with regular users

Added by Samuli Heinonen over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Authorization
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

A user without admin privileges isn't able to install new hosts with Foreman. The new host form opens as expected, but nothing happens when the user tries to select "Deploy on", "Environment", "Host group", "Domain" etc. The following message is displayed in the log files when selecting the domain name to be used:

---
Started POST "/hosts/domain_selected" for x.x.x.x at Thu Feb 07 12:15:09 +0200 2013
Processing by HostsController#domain_selected as
Parameters: {"domain_id"=>"11", "organization_id"=>"2"}
User Load (0.2ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 3 LIMIT 1
Setting current user thread-local variable to user
Setting Load (0.2ms) SELECT `settings`.* FROM `settings` WHERE `settings`.`name` = 'authorize_login_delegation' ORDER BY LOWER LIMIT 1
CACHE (0.0ms) SELECT `settings`.* FROM `settings` WHERE `settings`.`name` = 'authorize_login_delegation' ORDER BY LOWER LIMIT 1
TaxableTaxonomy Load (0.3ms) SELECT DISTINCT `taxable_taxonomies`.taxonomy_id FROM `taxable_taxonomies` WHERE (`taxable_taxonomies`.taxable_id = 3 AND `taxable_taxonomies`.taxable_type = 'User')
SQL (0.2ms) SELECT COUNT(*) FROM `taxonomies` WHERE `taxonomies`.`type` = 'Organization' AND ( (taxonomies.id in (1,2)))
Organization Load (0.3ms) SELECT `taxonomies`.* FROM `taxonomies` WHERE `taxonomies`.`type` = 'Organization' AND ( (taxonomies.id in (1,2))) ORDER BY type, name LIMIT 1
Setting current organization thread-local variable to organization
Role Load (0.2ms) SELECT `roles`.* FROM `roles` INNER JOIN `user_roles` ON `roles`.id = `user_roles`.role_id WHERE ((`user_roles`.user_id = 3))
Rendered common/403.rhtml (0.8ms)
Completed 403 Forbidden in 46ms (Views: 4.1ms | ActiveRecord: 3.3ms)
--

Installing new hosts works if the user is granted administrator privileges.

We have hit this issue on clean Foreman 1.1 and also on Foreman 1.1 that was upgraded from 1.0.2.

Associated revisions

Revision e0d9186e (diff)
Added by Dominic Cleal over 6 years ago

fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI

In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.

This adds a test that will fail by default if new routes are added with no
permission that grants access.

Revision 07d13039 (diff)
Added by Dominic Cleal over 6 years ago

fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI

In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.

This adds a test that will fail by default if new routes are added with no
permission that grants access.
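
The authorization change described in the commit messages above, as an added Ruby example that is not Foreman's code. It models the three states the bug report and the fix describe: XMLHttpRequests authorized automatically (the behaviour 2ac3af69 removed, which let the XHR flag alone bypass the permission check), the interim state in which the AJAX form helpers exist as routes but no permission grants them (the 403 in the report), and the fixed state in which those actions belong to an existing permission. It also includes the route-coverage check the commit adds a test for. The permission names, the route list, and the User/Request structs are constructed for illustration and do not reflect Foreman's real permission table or routing.

```ruby
require 'set'

# Constructed permission map: permission name => controller#action pairs it grants.
# Names are illustrative, not Foreman's real permission table.
PERMISSIONS = {
  "view_hosts"   => ["hosts#index", "hosts#show"],
  "create_hosts" => ["hosts#new", "hosts#create",
                     # AJAX helpers the new-host form calls; the fix attached
                     # routes of this kind to the existing permission
                     "hosts#domain_selected", "hosts#hostgroup_selected",
                     "hosts#environment_selected", "hosts#architecture_selected"],
  "edit_hosts"   => ["hosts#edit", "hosts#update"],
}.freeze

# The same map as it would have looked between 2ac3af69 and the fix: the AJAX
# helper actions exist as routes, but no permission mentions them.
PERMISSIONS_BEFORE_FIX =
  PERMISSIONS.transform_values { |acts| acts.reject { |a| a.end_with?("_selected") } }.freeze

# Constructed routing table: every controller#action reachable over HTTP.
ROUTES = [
  "hosts#index", "hosts#show", "hosts#new", "hosts#create",
  "hosts#edit", "hosts#update",
  "hosts#domain_selected", "hosts#hostgroup_selected",
  "hosts#environment_selected", "hosts#architecture_selected",
].freeze

User    = Struct.new(:admin, :permissions)   # admin flag, list of permission names
Request = Struct.new(:action, :xhr)          # "controller#action", XMLHttpRequest?

def actions_granted(user, perms)
  user.permissions.flat_map { |p| perms.fetch(p, []) }.to_set
end

# Behaviour the commit says 2ac3af69 removed: any XMLHttpRequest was authorized
# automatically, so setting the XHR header alone bypassed the permission check.
def authorized_auto_xhr?(user, req, perms = PERMISSIONS)
  return true if user.admin || req.xhr
  actions_granted(user, perms).include?(req.action)
end

# Behaviour after 2ac3af69: an XHR is an ordinary request; only an explicit
# grant (or admin) authorizes it. With PERMISSIONS_BEFORE_FIX this produces the
# 403 from the bug report; with PERMISSIONS it produces the fixed behaviour.
def authorized?(user, req, perms = PERMISSIONS)
  return true if user.admin
  actions_granted(user, perms).include?(req.action)
end

# The regression check the commit describes: routes that no permission grants.
# A non-empty result means some action is unreachable for every non-admin user.
def ungranted_routes(routes = ROUTES, perms = PERMISSIONS)
  granted = perms.values.flatten.to_set
  routes.reject { |r| granted.include?(r) }
end

if __FILE__ == $0
  creator  = User.new(false, ["create_hosts"])
  form_xhr = Request.new("hosts#domain_selected", true)
  puts "before fix: #{authorized?(creator, form_xhr, PERMISSIONS_BEFORE_FIX)}"  # false (403)
  puts "after fix:  #{authorized?(creator, form_xhr)}"                          # true
  puts "ungranted before fix: #{ungranted_routes(ROUTES, PERMISSIONS_BEFORE_FIX).inspect}"
end
```

The coverage check is the part worth carrying into a real code base: run it over the full routing table in the test suite so that a newly added controller action fails the build until some permission grants it, rather than surfacing later as a 403 for every non-admin user.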

History

#1 Updated by Dominic Cleal over 6 years ago

  • Category changed from Host creation to Authorization
  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
  • Priority changed from Normal to High

#2 Updated by Dominic Cleal over 6 years ago

  • Status changed from Assigned to Ready For Testing
  • Target version set to 1.2.0

#3 Updated by Dominic Cleal over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
