Project

General

Profile

Bug #30880

Add permission support to validate 404 on denial and multi permissions

Added by Partha Aji about 1 month ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

The current testing framework does not handle 404s on denial. This behaviour is consistent with foreman, 404 instead of 403 if object not authorized. 403 is only when route is not authorized.
We need to add support to this.
The current authorization does not handle multi permissions also. For example destroy_content_views and promote_or_remove_content_views either support 'removing' a content view. However the controller authorizer does not handle this correctly.


Related issues

Blocks Katello - Tracker #30872: Use proper authorization in controllersNew

Associated revisions

Revision e2026d90 (diff)
Added by Partha Aji about 1 month ago

Fixes #30880 - Permission support to validate 404 (#8956)

This commit enables checking authorizing a specific instance and ensure
that it handles 404 correctly.
It also adds support for multi possible permissions for same action.
For example destroy_content_views and promote_or_remove_content_views
Either support 'removing' a content view.
This commit adds support to handle that.

History

#1 Updated by Partha Aji about 1 month ago

  • Blocks Tracker #30872: Use proper authorization in controllers added

#2 Updated by The Foreman Bot about 1 month ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/8956 added

#3 Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases Katello 4.0.0 added

#4 Updated by Partha Aji about 1 month ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Ian Ballou about 1 month ago

  • Target version set to Katello 3.18.0

#6 Updated by Ian Ballou about 1 month ago

  • Triaged changed from No to Yes

Also available in: Atom PDF