Bug #30385

open

Non admin user can not query API /katello/api/capsules/:id

Added by Shira Maximov almost 5 years ago. Updated 8 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Roles and Permissions
Target version: -
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1733505

Description of problem:

If a non-admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with the response:
"message": "Resource smart_proxy not found by id '1'"

The non-admin user has "view_smart_proxies" permissions assigned. Even if all available permissions are assigned to the user, the error response is the same.

The user is able to query information for all capsules, i.e. GET on /katello/api/capsules/, but not for a particular ID, /katello/api/capsules/:id

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run as a non-admin user.

Version-Release number of selected component (if applicable):
6.4
6.5

How reproducible:
Always

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. The user should be non-admin.
2. Run the following API call with the above user; it fails:
  1. curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
API fails with response "message": "Resource smart_proxy not found by id '1'"

Expected results:
A non-admin user should be able to call that API with appropriate permissions assigned.

Actions #1

Updated by Tomer Brisker almost 5 years ago

  • Project changed from Foreman to Katello
Actions #2

Updated by Chris Roberts almost 5 years ago

  • Category set to Roles and Permissions
  • Target version set to Katello Backlog
  • Triaged changed from No to Yes
Actions #3

Updated by Ian Ballou 8 months ago

  • Target version deleted (Katello Backlog)