Project

Profile

Help

Issue #759

DELETE /v2/repositories/<repo_id>/distributors/<distributor_id>/ requires incorrect permissions

Added by amacdona@redhat.com over 6 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
2.7.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

A DELETE call to /v2/repositories/<repo_id>/distributors/<distributor_id>/ requires UPDATE permissions rather than DELETE.

See line 1

@auth_required(UPDATE)
def DELETE(self, repo_id, distributor_id):
    # validate resources
    manager = manager_factory.repo_distributor_manager()
    manager.get_distributor(repo_id, distributor_id)
    # delete
    task_tags = [
        tags.resource_tag(tags.RESOURCE_REPOSITORY_TYPE, repo_id),
        tags.resource_tag(tags.RESOURCE_REPOSITORY_DISTRIBUTOR_TYPE, distributor_id),
        tags.action_tag('remove_distributor')
    ]
    async_result = repository.distributor_delete.apply_async_with_reservation(
        tags.RESOURCE_REPOSITORY_TYPE, repo_id, [repo_id, distributor_id],
        tags=task_tags)
    raise exceptions.OperationPostponed(async_result)

Note
This will be fixed by the django conversion.

History

#1 Updated by dkliban@redhat.com over 6 years ago

  • Triaged changed from No to Yes
  • Platform Release set to 2.7.0

#2 Updated by amacdona@redhat.com over 6 years ago

  • Status changed from ASSIGNED to MODIFIED
  • Severity set to 1. Low

#3 Updated by dkliban@redhat.com over 6 years ago

  • Status changed from MODIFIED to 5

#4 Updated by pthomas@redhat.com over 6 years ago

  • Status changed from 5 to 6

verified

[root@mgmt4 ~]# http --json -a admin:admin --verify=no POST 'https://localhost/pulp/api/v2/permissions/actions/grant_to_user/' login=testuser resource=/v2/repositories/zoo/distributors/yum_distributor/ operations:='["DELETE"]'
Traceback (most recent call last):
  File "/usr/bin/http", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 2655, in <module>
    working_set.require(__requires__)
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 648, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.6/site-packages/pkg_resources.py", line 546, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: argparse>=1.2.1
[root@mgmt4 ~]# 
[root@mgmt4 ~]# pulp-admin auth 
Usage: pulp-admin [SUB_SECTION, ..] COMMAND
Description: manage users, roles and permissions

[root@mgmt4 ~]# pulp-admin auth  permission  grant --resource /v2/repositories/zoo/distributors/yum_distributor/  --login testuser
Command: grant
Description: grants resource permissions to given user or given role
Usage: you can specify either login or role-id in this command; both cannot be
specified at the same time

Available Arguments:

  --resource - (required) resource REST API path whose permissions are being
               manipulated
  --login    - login of the user to which access to given resource is being
               granted
  --role-id  - id of the role to which access to given resource is being granted
  -o         - (required) type of permissions being granted, valid permissions:
               create, read, update, delete, execute
The following options are required but were not specified:
  -o
[root@mgmt4 ~]# pulp-admin auth  permission  grant --resource /v2/repositories/zoo/distributors/yum_distributor/  --login testuser -o DELETE
Permissions [/v2/repositories/zoo/distributors/yum_distributor/ : ['DELETE']]
successfully granted to user [testuser]

[root@mgmt4 ~]# curl  -H "Accept: application/json" -X DELETE -k -u testuser:test 'https://localhost/pulp/api/v2/repositories/zoo/distributors/yum_distributor/'
{"spawned_tasks": [{"_href": "/pulp/api/v2/tasks/5057b938-baf8-47ca-bdd7-976aa61b9c58/", "task_id": "5057b938-baf8-47ca-bdd7-976aa61b9c58"}], "result": null, "error": null}[root@mgmt4 ~]# 
[root@mgmt4 ~]# 
[root@mgmt4 ~]# 

#5 Updated by amacdona@redhat.com almost 6 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE

#7 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF