Bug #2248: Authorization of API actions should match app permissions - Foreman

Actions

Copy link

Bug #2248

closed

Authorization of API actions should match app permissions

Added by Dominic Cleal almost 12 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

API

Target version:

1.2.0

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

The API v1 and v2 actions are not currently assigned to permissions (with the exception of just four API v1 controllers), so it requires an admin account to perform most work over the API.

The actions for API controllers should be added to permissions and tests added (by fixing test/lib/foreman/access_permissions_test.rb to test for them), or perhaps a method of equating API routes to standard app routes to avoid repeating them.

Related issues 3 (0 open — 3 closed)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Related to Foreman - Bug #2202: Add new permissions for actions currently missing them	Closed	Dominic Cleal	02/12/2013	Actions
Related to Foreman - Bug #2266: API doesn't honor 'view_facts' permission	Closed		02/28/2013	Actions
Has duplicate Foreman - Bug #2330: Add api calls to access_permissions.rb	Duplicate	Joseph Magen	03/17/2013	Actions

Project

General

Profile

Custom queries

Bug #2248

Authorization of API actions should match app permissions

Updated by Ohad Levy over 11 years ago

Updated by Joseph Magen over 11 years ago