Foreman API v1 & v2 do not display common_parameters for non-admin users
We have a non-admin user called foreman that we use for API queries to pull down facts, parameters, hostgroups, classes, and global_parameters and it uses this to generate templates. Basically it needs to know parameters from other hosts, and global parameters.
The Ruby code basically queries the API at https://hostname:port/api/common_parameters to fetch global parameters. This no longer seems to work at all for this non-admin user. It has view/viewer roles. The admin user works fine. If we call specific parameters, it will work, e.g. https://hostname:port/api/common_parameters/test displays the expected result. Also, the same symptoms occur if we use Hammer with the foreman user: no results are displayed.
However, permissions are fine and we can log in to the Foreman UI and see global parameters, hosts, hostgroups, etc. just fine.
Seems like a regression. The last version we tested that it worked on was Foreman 1.4.
#1 Updated by Dominic Cleal almost 5 years ago
- Category changed from 65 to Authorization
- Status changed from New to Assigned
- Assignee changed from Martin Bacovsky to Dominic Cleal
- Target version set to 1.8.3
- Legacy Backlogs Release (now unused) changed from 4 to 16
Thanks, reproduced successfully. It's trying to look up permissions for Parameter, not CommonParameter.
Also affected are the /api/v2/*/parameters routes, which try to look up permissions "view_domains_parameters" etc.
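
A simplified model of the mismatch diagnosed in comment #1, added here as an illustration and not Foreman's own code: role filters are keyed by resource type, so a lookup under "Parameter" finds nothing for a role granted on "CommonParameter", while the admin bypass hides the problem. The structs, both helper functions, the `view_globals` permission name, the `/api/hosts` route and the sample data are assumptions made for the example.

```ruby
# Simplified model (not Foreman's code): a role filter grants permissions
# on one resource type; list endpoints return only what the filters allow.
Filter = Struct.new(:resource_type, :permissions)
User   = Struct.new(:login, :admin, :filters)

# Constructed sample data standing in for global parameters.
GLOBALS = [{ name: "test", value: "1" },
           { name: "ntp_server", value: "10.0.0.1" }].freeze

# Rows visible to `user` when a controller asks for `permission` on
# `resource_type`. Admins skip the filter lookup entirely, which is why
# the wrong resource type goes unnoticed when testing as admin.
def authorized_list(user, permission, resource_type, rows)
  return rows if user.admin
  granted = user.filters.any? do |f|
    f.resource_type == resource_type && f.permissions.include?(permission)
  end
  granted ? rows : [] # fails closed: an empty list, not an error
end

# Hypothetical regression check: given the resource type each list route
# looks up, return the routes whose type matches none of the user's
# filters. Run it with a non-admin viewer, never with admin.
def unmatched_lookups(route_lookups, user)
  known = user.filters.map(&:resource_type)
  route_lookups.reject { |_route, type| known.include?(type) }.keys
end

viewer = User.new("foreman", false,
                  [Filter.new("CommonParameter", ["view_globals"]),
                   Filter.new("Host", ["view_hosts"])])
admin  = User.new("admin", true, [])

# The lookup as diagnosed: permission checked against the wrong type.
buggy = authorized_list(viewer, "view_globals", "Parameter", GLOBALS)
# The lookup against the type the role was actually granted on.
fixed = authorized_list(viewer, "view_globals", "CommonParameter", GLOBALS)

puts "viewer, Parameter lookup:       #{buggy.size} rows"
puts "viewer, CommonParameter lookup: #{fixed.size} rows"
puts "admin,  Parameter lookup:       " \
     "#{authorized_list(admin, 'view_globals', 'Parameter', GLOBALS).size} rows"
puts "routes with unmatched lookups:  " \
     "#{unmatched_lookups({ '/api/common_parameters' => 'Parameter',
                            '/api/hosts' => 'Host' }, viewer)}"
```
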