Bug #30385

Non admin user can not query API /katello/api/capsules/:id

Added by Shira Maximov almost 2 years ago. Updated almost 2 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Roles and Permissions
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1733505

Description of problem:

If a non-admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with the response:
"message": "Resource smart_proxy not found by id '1'"

The non-admin user has "view_smart_proxies" permissions assigned. Even if all available permissions are assigned to the user, the error response is the same.

The user is able to query information for all capsules, i.e. GET on /katello/api/capsules/, but not for a particular ID /katello/api/capsules/:id

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run with a non-admin user.

Version-Release number of selected component (if applicable):
6.4
6.5

How reproducible:
Always

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. The user should be non-admin.
2. Run the following API call with the above user and it fails:
  1. curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
API fails with response "message": "Resource smart_proxy not found by id '1'"

Expected results:
A non-admin user should be able to call that API with appropriate permissions assigned.

History

#1 Updated by Tomer Brisker almost 2 years ago

  • Project changed from Foreman to Katello

#2 Updated by Chris Roberts almost 2 years ago

  • Triaged changed from No to Yes
  • Target version set to Katello Backlog
  • Category set to Roles and Permissions
