Feature #6854
closedforeman api status is restricted for admin only
Description
Libraries for foreman api handling like https://pypi.python.org/pypi/python-foreman use /api/status url to determine which foreman version is installed, which in my opinion is quite good behaviour. But foreman requires admin rights to access such information, if you are trying to script this as normal user, this is not possible. I couldn't come up with any reasonable way why it should be restricted only to admin. Please elaborate, why is it the case or please fix it that this restriction in not present. Or that you can configure the rights. Thank you
Updated by Will Foster about 10 years ago
We've hit some situations where having /api/status improperly restricted to admin is causing some issues with general usage for non-admin users. Would love to see this fixed.
The file that maps permissions to URLs is app/services/foreman/access_permissions.rb and it just needs a new section.
You'd also need to add the permission name in db/seeds.d/03-permissions.rb.
I will take a stab at this when I find some time.
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2557 added
- Pull request deleted (
)
Updated by Ondřej Pražák over 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 7267e023e6db34db8ebb3ba59f4be4b8d0e07624.
Updated by Dominic Cleal over 9 years ago
- Assignee set to Ondřej Pražák
- Translation missing: en.field_release set to 72