Bug #25105
closed
/api/settings/content_disconnected gives 403 without pointing out which permission is required
Description
When a user with the Viewer role accesses the Content -> Subscriptions page, the browser requests $HOST/api/v2/settings/content_disconnected. This endpoint returns a 403 error without explaining which permission is missing:
{
"error": {"message":"Access denied","details":"Missing one of the required permissions: "}
}
Version-Release number of selected component (if applicable):
katello-3.7.0-7
tfm-rubygem-katello-3.7.0.28-1
Steps to Reproduce:
1. Create a new user with the role "Viewer" (or any other role that has "view_subscriptions" in the Subscription resource and "view_organizations" in the Organization resource). Make sure it can access an organization with a manifest
2. Log in as that user
3. Open Content -> Subscriptions
4. In the web browser's development tools, find the request sent to $HOST/api/v2/settings/content_disconnected and read the response
Expected results:
The response contains information about the permission that is required for the endpoint to return data.
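A regression check for the behaviour reported above, as an added example that is not part of the original report or of Foreman/Katello code: it parses a 403 body and flags a denial whose details name no permission. The prefix string is copied from the response above; the helper names, the comma-separated list format and the second sample body are assumptions made for the example.

```ruby
require 'json'

# Prefix copied from the response quoted in the report.
PREFIX = 'Missing one of the required permissions:'

# Hypothetical helper: returns the permission names listed in an error body.
# Assumes the names follow the prefix as a comma-separated list.
def listed_permissions(body)
  parsed = JSON.parse(body)
  return [] unless parsed.is_a?(Hash)

  error = parsed['error']
  details = error.is_a?(Hash) ? error['details'].to_s : ''
  return [] unless details.start_with?(PREFIX)

  details.delete_prefix(PREFIX).split(',').map(&:strip).reject(&:empty?)
rescue JSON::ParserError
  # A non-JSON body cannot name a permission either.
  []
end

# Hypothetical helper: a 403 is actionable only if it names at least one
# permission the caller could request from an administrator.
def actionable_denial?(status, body)
  status == 403 && !listed_permissions(body).empty?
end

# Body as quoted in the report (empty permission list).
REPORTED = '{"error": {"message":"Access denied",' \
           '"details":"Missing one of the required permissions: "}}'

# Constructed body showing what the expected result would look like;
# the permission names are placeholders, not real Foreman permissions.
CONSTRUCTED = '{"error": {"message":"Access denied",' \
              '"details":"Missing one of the required permissions: ' \
              'example_permission_a, example_permission_b"}}'
```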
Updated by Michael Johnson about 6 years ago
- Subject changed from /api/settings/content_disconnected gives 403 without pointing out which permission is required to /api/settings/content_disconnected gives 403 without pointing out which permission is required
- Description updated (diff)
Updated by Jonathon Turel about 6 years ago
- Target version set to Katello 3.9.0
- Triaged changed from No to Yes
Updated by Zach Huntington-Meath about 6 years ago
- Is duplicate of Feature #24259: Foreman canned admin added
Updated by Zach Huntington-Meath about 6 years ago
- Status changed from New to Closed