Project

General

Profile

Bug #3391

Unable to spoof templates as non-admin

Added by Max San almost 6 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Authorization
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

In Foreman 1.3.0 it is not possible to spoof templates as non-admin users. It will just show a standard "We're sorry, but something went wrong." error message and throw exception in the log. Even with all ACL turned on the template will not be visible but as soon as you assign the user admin access the template can be spoofed. Log file attached.

foreman-spoof-template-log.txt foreman-spoof-template-log.txt 16.5 KB Max San, 10/21/2013 04:16 PM

Related issues

Is duplicate of Foreman - Bug #2892: unattended spoof mode only work for an administratorResolved2013-08-07

History

#1 Updated by Dominic Cleal almost 6 years ago

  • Category set to Authorization

#2 Updated by Lukas Zapletal almost 6 years ago

Reproduced.

#3 Updated by Lukas Zapletal almost 6 years ago

Hmmm I am not sure why we call authorize method even when it is not supposed to be called:

  FILTERS.each do |f|
    define_method("#{f}_with_unattended") do
      send("#{f}_without_unattended") if params.keys.include?("spoof")
    end
    alias_method_chain f, :unattended
  end

#4 Updated by Dominic Cleal almost 6 years ago

  • Is duplicate of Bug #2892: unattended spoof mode only work for an administrator added

#5 Updated by Dominic Cleal almost 6 years ago

  • Status changed from New to Duplicate

Also available in: Atom PDF