Bug #9747
closed
In 4.0.0, whole api is available under /secure/api, whatever the user role
Priority: 0
Description
In 4.0.0, we added access to the API under the /secure path so that users can use it to configure settings.
But we added the whole API tree, and did so whatever the role.
We need to limit access to only the settings API, and only for the admin role (read => GET / write => other verbs).
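Added example, not part of the original ticket and not Rudder's code: a deny-by-default check modelling the restriction described above, next to a model of the 4.0.0 behaviour. The role table, function names and sample paths are assumptions made for illustration.

```python
from posixpath import normpath

# Assumed layout: the settings subtree is the only part of the API meant to be reachable.
SETTINGS_PREFIX = ("secure", "api", "settings")

# Hypothetical role table: only the admin role holds any right on the settings API.
ROLE_RIGHTS = {"admin": {"read", "write"}, "user": set()}


def _segments(path):
    # Normalise so "//", "." and ".." cannot move a request outside the checked prefix.
    # Assumes the framework has already percent-decoded the path.
    return tuple(s for s in normpath("/" + path).split("/") if s)


def allowed_before_fix(role, method, path):
    """Model of the 4.0.0 behaviour in the ticket: whole API tree, whatever the role."""
    return _segments(path)[:2] == ("secure", "api")


def allowed_after_fix(role, method, path):
    """Deny by default; settings subtree only; GET needs read, any other verb needs write."""
    if _segments(path)[:3] != SETTINGS_PREFIX:
        return False
    needed = "read" if method.upper() == "GET" else "write"
    return needed in ROLE_RIGHTS.get(role, set())


# Constructed sample requests (role, verb, path); path names are illustrative only.
SAMPLE_REQUESTS = [
    ("admin", "GET", "/secure/api/settings/example_setting"),
    ("admin", "POST", "/secure/api/settings/example_setting"),
    ("user", "GET", "/secure/api/settings/example_setting"),
    ("user", "DELETE", "/secure/api/nodes/example_node"),
    ("admin", "GET", "/secure/api/settings/../nodes"),
    ("admin", "GET", "/secure/api/settings_backup"),
]


def newly_denied(requests):
    """Requests the 4.0.0 model accepted that the restricted check rejects."""
    return [r for r in requests
            if allowed_before_fix(*r) and not allowed_after_fix(*r)]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r, allowed_before_fix(*r), allowed_after_fix(*r))
```

Matching on whole path segments after normalisation is what keeps a sibling path such as `settings_backup`, or a `..` segment, from passing a plain string-prefix test.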
Updated by Vincent MEMBRÉ about 8 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/1394
Updated by Vincent MEMBRÉ about 8 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder|09800f2dfedbf0fc3f8c6ddadeb4dde0fb3de474.
Updated by Vincent MEMBRÉ about 8 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.0.1 which was released today.
- 4.0.1: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Vincent MEMBRÉ over 5 years ago
- Private changed from Yes to No
- Priority set to 0