Issue #8018: viewsets that are not guarded by rbac allow any user known to the system - Pulp

Actions

Send by e-mail Copy link

Issue #8018

closed

viewsets that are not guarded by rbac allow any user known to the system

Added by mdellweg almost 4 years ago. Updated almost 4 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

mdellweg

Category:

Sprint/Milestone:

3.10.0

Start date:

Due date:

Estimated time:

Severity:

2. Medium

Version:

Platform Release:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 88

Quarter:

Description

As discussed on the mailinglist, it seems to be better to restrict access to all endpoints not explicitly guarded by rbac to users with the is_staff flag, aka admins.

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Pulp

Agile boards

Custom queries

Issue #8018

viewsets that are not guarded by rbac allow any user known to the system

Updated by pulpbot almost 4 years ago

Updated by dkliban@redhat.com almost 4 years ago

Updated by ttereshc almost 4 years ago

Added by mdellweg almost 4 years ago

Updated by mdellweg almost 4 years ago

Updated by pulpbot almost 4 years ago