Bug #5526
Content entities (puppet modules, packages, package groups, errata) need permission handling in the API.
Related issues
Associated revisions
History
#1
Updated by Eric Helms over 8 years ago
- Blocks Feature #5500: As a user, I should not be able to access APIs I don't have permissions to. added
#2
Updated by Eric Helms over 8 years ago
- Blocks Feature #5532: As a user, I should only see entities I have access to within Content Search. added
#3
Updated by Eric Helms about 8 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset katello|commit:7ef987c6089d24efa64032ac8fb62a612446f5c8.
#4
Updated by Eric Helms about 8 years ago
- Triaged changed from No to Yes
#5
Updated by Eric Helms almost 8 years ago
- Legacy Backlogs Release (now unused) set to 13
Fixes #5526: Ensure content APIs are properly permission wrapped.
Intent is for packages, errata, package groups, and distributions the
user has :view_products and can then see the content for any products/repos
they have access to. For content within a content view, the user needs
:view_content_views permission.
For repository sets, a user needs :view_subscriptions to show, index or
see available repository sets and :import_manifest in order to disable/enable.