Project

General

Profile

Bug #24961

Host API all_parameters wrong permission authorization check

Added by Lukas Zapletal about 1 year ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Category:
Authorization
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

We check this:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized) }
  end

This makes no sense, must be:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized(:view_params)) }
  end

Associated revisions

Revision b62833ab (diff)
Added by Lukas Zapletal 9 months ago

Fixes #24961 - all_params permission check in API fixed

History

#1 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6076 added

#2 Updated by Michael Moll 9 months ago

  • Fixed in Releases 1.21.0 added

#3 Updated by Lukas Zapletal 9 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF