Project

General

Profile

Bug #24961

Host API all_parameters wrong permission authorization check

Added by Lukas Zapletal about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

We check this:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized) }
  end

This makes no sense, must be:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized(:view_params)) }
  end

Associated revisions

Revision b62833ab (diff)
Added by Lukas Zapletal almost 2 years ago

Fixes #24961 - all_params permission check in API fixed

History

#1 Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6076 added

#2 Updated by Anonymous almost 2 years ago

  • Fixed in Releases 1.21.0 added

#3 Updated by Lukas Zapletal almost 2 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF