Bug #28405

Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via API

Added by Dominik Matoulek 10 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1757394

Description of problem:

Non-Admin Users cannot access their own table_preferences via REST API, no matter what possible combination of roles has been assigned to them.

The same user will be able to access the table_preferences when you mark the user as "ADMIN".

Version-Release number of selected component (if applicable):

How reproducible:
100 %

Steps to Reproduce:
1. Create a user "NA-USER" on Satellite GUI but don't mark it as Admin.

2. Try to access the API https://sat-fqdn/api/users/:id/table_preferences where the ":id" is the ID of "NA-USER" and authentication is being done by the same user.

3. Assign all the Roles to the user "NA-USER" but don't mark it as "Admin" and then try accessing the API again.

Actual results:
In both steps 2 and 3, the REST API will return:
~~~~~~~~~~
{
  "error": {
    "message": "Access denied",
    "details": "Missing one of the required permissions: "
  }
}
~~~~~~~~~~

Expected results:
It should display the table_preferences without throwing any error.

Additional info:
If I mark the same user as Admin, it will be able to execute the API successfully and will be able to see the result as well.

I went through the discussion "https://community.theforeman.org/t/user-preferences/12007/4", but was unable to get any pointers from it that might help me understand what the problem might be here.

Associated revisions

Revision 6a5903a4 (diff)
Added by Dominik Matoulek 8 months ago

Fixes #28405 - Missing permissions to Table Preferences

History

#1 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7226 added

#2 Updated by Tomer Brisker 9 months ago

  • Subject changed from [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API to Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via API

#3 Updated by Tomer Brisker 9 months ago

  • Category set to 218

#4 Updated by The Foreman Bot 8 months ago

  • Pull request https://github.com/theforeman/foreman/pull/7220 added

#5 Updated by The Foreman Bot 8 months ago

  • Fixed in Releases 2.0.0 added

#6 Updated by Dominik Matoulek 8 months ago

  • Status changed from Ready For Testing to Closed

#7 Updated by Tomer Brisker 8 months ago

  • Assignee set to Dominik Matoulek
  • Fixed in Releases 1.24.2 added
  • Pull request deleted (https://github.com/theforeman/foreman/pull/7220)

#8 Updated by Tomer Brisker 2 months ago

  • Category changed from 218 to Users, Roles and Permissions
