Project

General

Profile

Bug #24961

Host API all_parameters wrong permission authorization check

Added by Lukas Zapletal 8 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Authorization
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

We check this:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized) }
  end

This makes no sense, must be:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized(:view_params)) }
  end

Associated revisions

Revision b62833ab (diff)
Added by Lukas Zapletal 5 months ago

Fixes #24961 - all_params permission check in API fixed

History

#1 Updated by The Foreman Bot 8 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6076 added

#2 Updated by Michael Moll 5 months ago

  • Fixed in Releases 1.21.0 added

#3 Updated by Lukas Zapletal 5 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF