Project

General

Profile

Bug #2248

Authorization of API actions should match app permissions

Added by Dominic Cleal almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

The API v1 and v2 actions are not currently assigned to permissions (with the exception of just four API v1 controllers), so it requires an admin account to perform most work over the API.

The actions for API controllers should be added to permissions and tests added (by fixing test/lib/foreman/access_permissions_test.rb to test for them), or perhaps a method of equating API routes to standard app routes to avoid repeating them.


Related issues

Related to Foreman - Bug #2202: Add new permissions for actions currently missing themClosed2013-02-12
Related to Foreman - Bug #2266: API doesn't honor 'view_facts' permissionClosed2013-02-28
Has duplicate Foreman - Bug #2330: Add api calls to access_permissions.rbDuplicate2013-03-17

Associated revisions

Revision e00b6ef0 (diff)
Added by Joseph Magen over 6 years ago

fixes #2248 adds api controllers and actions to access_permissions.rb

History

#1 Updated by Ohad Levy over 6 years ago

  • Target version set to 1.2.0

#2 Updated by Joseph Magen over 6 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF