Project

General

Profile

Actions
Copy link

Bug #6760

open

Models should ensure the authorization of associated objects before associating them to the model

Added by Eric Helms almost 10 years ago. Updated about 8 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
1126840
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

While this issue is systematic, I'll provide an example using domains and subnets to illustrate the problem.

As an admin:
1. Create a new domain: "example.org"
2. Create a User: "testuser"
3. Create a new Role: "Subnets Role"
4. Add a Filter to the Role with - Type: Subnets, Permissions: create_subnets, view_subnets

As testuser:

curl -u testuser:testuser -X POST -d '{"name": "subnet1", "network": "255.168.192.1", "mask": "255.255.255.0", "domains": [{"id": 1}]}' -H "Content-Type: application/json" http://10.13.129.41:3000/api/v2/subnets

Related issues 5 (2 open3 closed)

Related to Foreman - Feature #4477: Improve permissions on resources in host creation/editing formClosedTomer Brisker02/27/2014Actions
Related to Foreman - Bug #7221: Edit organization displays associated resources for use w/o permissionsClosedThomas McKay08/21/2014Actions
Related to Foreman - Bug #7337: organizations UI does not filter resources to associate based upon RBACClosedTomer Brisker09/03/2014Actions
Related to Foreman - Feature #7289: ACL who can add a host to hostgroup.New08/28/2014Actions
Blocks Katello - Bug #5720: Roles: Add scopes to finds in converted controllersNewEric HelmsActions
Actions
Copy link
 #1

Updated by The Foreman Bot almost 10 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 49
  • Pull request https://github.com/Katello/katello/pull/4483 added
  • Pull request deleted ()
Actions
Copy link
 #2

Updated by Eric Helms almost 10 years ago

  • Project changed from Katello to Foreman
  • Target version deleted (49)
Actions
Copy link
 #3

Updated by The Foreman Bot almost 10 years ago

  • Target version set to 1.8.0
Actions
Copy link
 #4

Updated by Dominic Cleal almost 10 years ago

  • Category set to Users, Roles and Permissions
Actions
Copy link
 #5

Updated by Dominic Cleal almost 10 years ago

  • Related to Feature #4477: Improve permissions on resources in host creation/editing form added
Actions
Copy link
 #6

Updated by Anonymous almost 10 years ago

  • Target version changed from 1.8.0 to 1.7.5
Actions
Copy link
 #7

Updated by Eric Helms over 9 years ago

  • Bugzilla link set to 1126840
Actions
Copy link
 #8

Updated by Eric Helms over 9 years ago

  • Blocks Bug #5720: Roles: Add scopes to finds in converted controllers added
Actions
Copy link
 #9

Updated by Anonymous over 9 years ago

  • Target version changed from 1.7.5 to 1.7.4
Actions
Copy link
 #10

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #7221: Edit organization displays associated resources for use w/o permissions added
Actions
Copy link
 #11

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #7337: organizations UI does not filter resources to associate based upon RBAC added
Actions
Copy link
 #12

Updated by Anonymous over 9 years ago

  • Target version changed from 1.7.4 to 1.7.3
Actions
Copy link
 #13

Updated by Dominic Cleal over 9 years ago

  • Target version changed from 1.7.3 to 1.7.2
Actions
Copy link
 #14

Updated by Dominic Cleal about 8 years ago

  • Status changed from Ready For Testing to New
  • Assignee deleted (Eric Helms)
  • Target version deleted (1.7.2)
  • Pull request deleted (https://github.com/Katello/katello/pull/4483)

Associated PR was closed.

Actions
Copy link
 #15

Updated by Marek Hulán over 7 years ago

  • Related to Feature #7289: ACL who can add a host to hostgroup. added
Actions
Copy link

Also available in: Atom PDF