Bug #9747: In 4.0.0, whole api is available under /secure/api, whatever the user role - Rudder - Issue Tracker

Actions

Copy link

Bug #9747

closed

In 4.0.0, whole api is available under /secure/api, whatever the user role

Added by François ARMAND almost 8 years ago. Updated over 5 years ago.

Status:

Released

Priority:

1 (highest)

Assignee:

François ARMAND

Category:

API

Target version:

4.0.1

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

In 4.0.0, we added access to the API under /secure path so that user can use it to configure settings.
But we added the whole API tree, and that, whatever the role.
We need to limit to only admin role (read => get / write => other verbs) the access to only the settings API.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #9747

In 4.0.0, whole api is available under /secure/api, whatever the user role

Updated by Vincent MEMBRÉ almost 8 years ago

Updated by Vincent MEMBRÉ almost 8 years ago

Updated by Vincent MEMBRÉ almost 8 years ago

Updated by Vincent MEMBRÉ over 5 years ago