Project

General

Profile

Bug #29445

STI deletion needs to be allowed to admins only

Added by Marek Hulán 7 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Related issues

Related to Foreman - Bug #20832: Plugins that registers custom host status break Foreman after uninstallClosed

Associated revisions

Revision f44a335f (diff)
Added by Marek Hulán 4 months ago

Fixes #29445 - restrict STI deletion to admin (#7694)

When obsolete STI records deletion was introduced, we allowed even
non-admin users to delete that. This patch makes it possible only for
admins to delete records from the database. Non-admin users only see a
short message explaining what happened, that they should contact
administrator and request ID that can help administrator to figure out
what happened.

It was also necessary to add explicit require_login call, otherwise
User.current was nil in case the stack failed before user was loaded.
This also made the page looks much nicer, becase the menu can be
properly rendered.

History

#1 Updated by Marek Hulán 7 months ago

  • Related to Bug #20832: Plugins that registers custom host status break Foreman after uninstall added

#2 Updated by The Foreman Bot 5 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7694 added

#3 Updated by Tomer Brisker 4 months ago

  • Target version set to 2.1.0
  • Fixed in Releases deleted (2.1.0)

#4 Updated by The Foreman Bot 4 months ago

  • Fixed in Releases 2.2.0 added

#5 Updated by Tomer Brisker 4 months ago

  • Fixed in Releases 2.1.0 added
  • Fixed in Releases deleted (2.2.0)

#6 Updated by Marek Hulán 4 months ago

  • Status changed from Ready For Testing to Closed

#7 Updated by The Foreman Bot about 1 month ago

  • Pull request https://github.com/theforeman/foreman/pull/7975 added

Also available in: Atom PDF