Bug #29445
STI deletion needs to be allowed to admins only
Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Pull request:
Fixed in Releases:
Found in Releases:
Related issues
Associated revisions
History
#1
Updated by Marek Hulán 7 months ago
Updated by - Related to Bug #20832: Plugins that registers custom host status break Foreman after uninstall added
#2
Updated by The Foreman Bot 5 months ago
Updated by - Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/7694 added
#3
Updated by Tomer Brisker 4 months ago
Updated by - Target version set to 2.1.0
- Fixed in Releases deleted (
2.1.0)
#4
Updated by The Foreman Bot 4 months ago
- Fixed in Releases 2.2.0 added
#5
Updated by Tomer Brisker 4 months ago
- Fixed in Releases 2.1.0 added
- Fixed in Releases deleted (
2.2.0)
#6
Updated by Marek Hulán 4 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset f44a335fbfaee297d7ee828fdaecc34e6e1906ea.
#7
Updated by The Foreman Bot about 1 month ago
- Pull request https://github.com/theforeman/foreman/pull/7975 added
Fixes #29445 - restrict STI deletion to admin (#7694)
When obsolete STI records deletion was introduced, we allowed even
non-admin users to delete that. This patch makes it possible only for
admins to delete records from the database. Non-admin users only see a
short message explaining what happened, that they should contact
administrator and request ID that can help administrator to figure out
what happened.
It was also necessary to add explicit require_login call, otherwise
User.current was nil in case the stack failed before user was loaded.
This also made the page looks much nicer, becase the menu can be
properly rendered.