Bug #26847
openChange validation - Architecture #26788: Rewrite WorkflowInformation navigation bar in Elm
A user that has only the "deployer_read" right does not have access to the settings API
Pull Request:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression: No
Description
$ curl --header "X-Requested-With: XMLHttpRequest" --header "Cookie: JSESSIONID= $(cat myCookie)" --request GET http://localhost:8080/rudder/secure/api/settings/enable_change_request | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 172 100 172 0 0 31210 0 --:--:-- --:--:-- --:--:-- 34400
{
"action": "getSetting",
"result": "error",
"errorDetails": "Authorization error: User 'deployer_read_user' is not allowed to access GET secure/api/settings/{key}"
}
Updated by Véronique HAYAERT 5 days ago
- Status changed from In progress to Pending technical review
- Pull Request set to https://github.com/Normation/rudder/pull/6346
Updated by Véronique HAYAERT 5 days ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|2d1d3bbdc2b761aa21ef53bd11b1ed3799b8f28e.
Updated by Clark ANDRIANASOLO about 10 hours ago
- Fix check changed from To do to Checked
Now with a user with the deployer read rights:
curl -H "Cookie: JSESSIONID=node01smfb2uvo4vo2qu2fowu43y1910.node0" -H "X-Requested-With: XMLHttpRequest" http://localhost:8081/rudder/secure/api/settings/enable_change_request
{"action":"getSetting","id":"enable_change_request","result":"success","data":{"settings":{"enable_change_request":true}}}