Project

General

Profile

Bug #25105

/api/settings/content_disconnected gives 403 without pointing out which permission is required

Added by Michael Johnson over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Subscriptions
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

When user with Viewer role accesses Content -> Subscriptions page, $HOST/api/v2/settings/content_disconnected will be requested by browser. This endpoint return 403 error without explanation which permission is missing:

{
"error": {"message":"Access denied","details":"Missing one of the required permissions: "}
}

Version-Release number of selected component (if applicable):
katello-3.7.0-7
tfm-rubygem-katello-3.7.0.28-1

Steps to Reproduce:
1. Create new user with role "Viewer" (or any other role that has "view_subscriptions" in Subscription resource and "view_organizations" in Organization resource). Make sure it can access organization with manifest
2. Login as that user
3. Open Content -> Subscriptions
4. In web browser development tools, find request sent to $HOST/api/v2/settings/content_disconnected and read the response

Expected results:
Response contains information about permission that is required for endpoint to return data.


Related issues

Is duplicate of Foreman - Feature #24259: Foreman canned adminClosed

History

#1 Updated by Michael Johnson over 1 year ago

  • Description updated (diff)
  • Subject changed from /api/settings/content_disconnected gives 403 without pointing out which permission is required to /api/settings/content_disconnected gives 403 without pointing out which permission is required

#2 Updated by Jonathon Turel over 1 year ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.9.0

#3 Updated by Zach Huntington-Meath over 1 year ago

#4 Updated by Zach Huntington-Meath over 1 year ago

  • Status changed from New to Closed

Also available in: Atom PDF