Story #8160: as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/ - Pulp

Actions

Send by e-mail Copy link

Story #8160

closed

as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/

Added by dkliban@redhat.com over 2 years ago. Updated over 1 year ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

mdellweg

Category:

Sprint/Milestone:

3.10.0

Start date:

Due date:

% Done:

100%

Estimated time:

Platform Release:

Groomed:

Sprint Candidate:

Tags:

Sprint:

Quarter:

Description

Looks like pulpcore 3.10.0.dev is not providing a default access policy for /pulp/api/v3/groups/<id>/users/ and as a result non-admin users can't modify users in a group using that URL.

Related issues

Actions

Copy link

Updated by dkliban@redhat.com over 2 years ago

Copied from Story #8159: as a user with 'auth.view_group' permission i can GET /pulp/api/v3/groups/ added

Actions

Copy link

Updated by ipanova@redhat.com over 2 years ago

Sprint/Milestone set to 3.10.0

Actions

Copy link

Updated by mdellweg over 2 years ago

Status changed from NEW to ASSIGNED
Assignee set to mdellweg

Actions

Copy link

Updated by mdellweg over 2 years ago

Tracker changed from Issue to Story
Subject changed from user with 'auth.change_group' permission receives 403 on POST /pulp/api/v3/groups/3/users/ to as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/
% Done set to 0
Severity deleted (~~2. Medium~~)
Triaged deleted (No)