Project

General

Profile

Actions

Bug #2248

closed

Authorization of API actions should match app permissions

Added by Dominic Cleal about 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The API v1 and v2 actions are not currently assigned to permissions (with the exception of just four API v1 controllers), so it requires an admin account to perform most work over the API.

The actions for API controllers should be added to permissions and tests added (by fixing test/lib/foreman/access_permissions_test.rb to test for them), or perhaps a method of equating API routes to standard app routes to avoid repeating them.


Related issues 3 (0 open3 closed)

Related to Foreman - Bug #2202: Add new permissions for actions currently missing themClosedDominic Cleal02/12/2013Actions
Related to Foreman - Bug #2266: API doesn't honor 'view_facts' permissionClosed02/28/2013Actions
Has duplicate Foreman - Bug #2330: Add api calls to access_permissions.rbDuplicateJoseph Magen03/17/2013Actions
Actions #1

Updated by Ohad Levy almost 11 years ago

  • Target version set to 1.2.0
Actions #2

Updated by Joseph Magen almost 11 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF