Bug #16633: Auth source controllers uses wrong permissions - Foreman

Actions

Copy link

Bug #16633

closed

Auth source controllers uses wrong permissions

Added by Daniel Lobato Garcia over 7 years ago. Updated almost 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Daniel Lobato Garcia

Category:

Users, Roles and Permissions

Target version:

1.13.1

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/3872

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Non-admin users can only be assigned the 'view_authenticators' (or edit, etc...) permission.
However, the API and UI controllers do not take that into account, and use 'view_auth_source_ldaps' (and the rest).

The fix is simple, override `controller_permission` in the controllers to make sure users are checked against the right kind of permission.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #16633

Auth source controllers uses wrong permissions

Updated by The Foreman Bot over 7 years ago

Updated by Marek Hulán over 7 years ago

Updated by Dominic Cleal over 7 years ago

Updated by Anonymous over 7 years ago

Updated by Marek Hulán over 7 years ago