Bug #28405

Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via API

Added by Dominik Matoulek over 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Category: Users, Roles and Permissions
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1757394

Description of problem:

Non-Admin Users cannot access their own table_preferences via REST API, no matter what possible combination of roles has been assigned to them.

The same user will be able to access the table_preferences, when you mark the user as "ADMIN".

Version-Release number of selected component (if applicable):

How reproducible:
100 %

Steps to Reproduce:
1. Create a user "NA-USER" on Satellite GUI but don't mark it as Admin.

2. Try to access the API https://sat-fqdn/api/users/:id/table_preferences where the ":id" is the ID of "NA-USER" and authentication is being done by the same user.

3. Assign all the Roles to the user "NA-USER" but don't mark it as "Admin" and then try accessing the API again.

Actual results:
In both steps 2 and 3, the REST API will return:
~~~~~~~~~~
{
"error": {
"message": "Access denied",
"details": "Missing one of the required permissions: "
}
}
~~~~~~~~~~

Expected results:
It should display the table_preferences without throwing any error.

Additional info:
If I mark the same user as Admin, it will be able to execute the API successfully and will be able to see the result as well.

I went through the discussion "https://community.theforeman.org/t/user-preferences/12007/4", but was unable to get any pointers from it that might help me understand what the problem might be here.

Associated revisions

Revision 6a5903a4 (diff)
Added by Dominik Matoulek over 2 years ago

Fixes #28405 - Missing permissions to Table Preferences

History

#1 Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7226 added

#2 Updated by Tomer Brisker over 2 years ago

  • Subject changed from [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API to Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via API

#3 Updated by Tomer Brisker over 2 years ago

  • Category set to 218

#4 Updated by The Foreman Bot over 2 years ago

  • Pull request https://github.com/theforeman/foreman/pull/7220 added

#5 Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases 2.0.0 added

#6 Updated by Dominik Matoulek over 2 years ago

  • Status changed from Ready For Testing to Closed

#7 Updated by Tomer Brisker over 2 years ago

  • Assignee set to Dominik Matoulek
  • Fixed in Releases 1.24.2 added
  • Pull request deleted (https://github.com/theforeman/foreman/pull/7220)

#8 Updated by Tomer Brisker about 2 years ago

  • Category changed from 218 to Users, Roles and Permissions
