Project

General

Profile

Actions
Copy link

Bug #24961

closed

Host API all_parameters wrong permission authorization check

Added by Lukas Zapletal over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/6076
Fixed in Releases:
1.21.0
Found in Releases:
Red Hat JIRA:

Description

We check this:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized) }
  end

This makes no sense, must be:

  node do |host|
    { :parameters => partial("api/v2/parameters/index", :object => host.host_parameters.authorized(:view_params)) }
  end
Actions
Copy link
 #1

Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6076 added
Actions
Copy link
 #2

Updated by Anonymous about 6 years ago

  • Fixed in Releases 1.21.0 added
Actions
Copy link
 #3

Updated by Lukas Zapletal about 6 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF