Bug #7271
closed
Content view Update allows any valid repository ids to be added
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1134057
Description of problem:
Currently PUT /api/v2/content_views/:id/ takes a list of repository ids. These ids are not validated to be only Library ids. As a result a user can post any valid repo id (including repositories that are not in library).
Version-Release number of selected component (if applicable):
6.0.3
How reproducible:
Always
Steps to Reproduce:
1. Issue a PUT request to a content view: /api/v2/content_views/:id/ specifying ids for repositories in another org for example.
Alternatively you can use hammer to assign repos using their ids as well on the 'hammer content-view update' command.
Actual results:
Any repo can be added.
Expected results:
Repos that are not in Library within the same org should not be able to be added.
Additional info:
Updated by Justin Sherrill over 10 years ago
- Status changed from New to Assigned
- Target version set to 55
- Release set to 13
- Difficulty set to medium
- Triaged changed from No to Yes
Updated by The Foreman Bot over 10 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/4615 added
- Pull request deleted ()
Updated by Justin Sherrill over 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|9b0a5ff34817809eff43f516351454749cb97cbc.
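
The server-side check this report asks for, sketched as an added example (this is not the code from the Katello pull request or changeset): submitted repository ids are accepted only if they are Library repositories of the content view's own organization. `Repo`, `ContentView`, `update_repositories` and the sample data are hypothetical stand-ins for the real models.

```ruby
# Added example; NOT Katello's code. Repo, ContentView and the sample data are
# constructed stand-ins for the real ActiveRecord models.
require 'set'

Repo = Struct.new(:id, :org_id, :library, keyword_init: true)
ContentView = Struct.new(:id, :org_id, :repository_ids, keyword_init: true)

class InvalidRepositories < StandardError; end

# Constructed sample data: org 1 owns repos 10-12, org 2 owns repo 20.
REPOS = [
  Repo.new(id: 10, org_id: 1, library: true),
  Repo.new(id: 11, org_id: 1, library: true),
  Repo.new(id: 12, org_id: 1, library: false), # same org, but not in Library
  Repo.new(id: 20, org_id: 2, library: true)   # Library repo of another org
].freeze

# Ids a content view may reference: Library repositories of its own org only.
def allowed_repo_ids(view, repos = REPOS)
  repos.select { |r| r.library && r.org_id == view.org_id }.map(&:id).to_set
end

# Apply an update the way a hardened PUT handler would: validate the whole
# submitted list first, and change nothing unless every id passes.
def update_repositories(view, submitted_ids, repos = REPOS)
  ids = Array(submitted_ids).map { |v| Integer(v, exception: false) }
  raise InvalidRepositories, 'repository ids must be integers' if ids.include?(nil)

  rejected = ids.uniq - allowed_repo_ids(view, repos).to_a
  # Unknown, foreign-org and non-Library ids all get the same error, so the
  # response does not reveal which ids exist in other organizations.
  unless rejected.empty?
    raise InvalidRepositories,
          "not Library repositories of this organization: #{rejected.join(', ')}"
  end

  view.repository_ids = ids.uniq
  view
end
```

Scoping the lookup to the content view's organization before comparing ids means a mixed list such as `[11, 20]` is rejected as a whole instead of being partially applied.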