Actions
Story #8160
closed
as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Looks like pulpcore 3.10.0.dev is not providing a default access policy for /pulp/api/v3/groups/<id>/users/ and as a result non-admin users can't modify users in a group using that URL.
Related issues
Updated by dkliban@redhat.com over 1 year ago
- Copied from Story #8159: as a user with 'auth.view_group' permission i can GET /pulp/api/v3/groups/ added
Updated by mdellweg over 1 year ago
- Status changed from NEW to ASSIGNED
- Assignee set to mdellweg
Updated by mdellweg over 1 year ago
- Tracker changed from Issue to Story
- Subject changed from user with 'auth.change_group' permission receives 403 on POST /pulp/api/v3/groups/3/users/ to as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/
- % Done set to 0
- Severity deleted (
2. Medium) - Triaged deleted (
No)
Updated by pulpbot over 1 year ago
- Status changed from ASSIGNED to POST
Added by mdellweg over 1 year ago
Updated by mdellweg over 1 year ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|1127e5c63d4154d57237b7886e9deb5526b21881.
Updated by pulpbot over 1 year ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
.
Add RBAC to the group users endpoint
fixes #8160 https://pulp.plan.io/issues/8160