Story #8160: as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/ - Pulp

Send by e-mail

Story #8160

as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/

Added by dkliban@redhat.com 3 months ago. Updated 3 months ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

mdellweg

Category:

Sprint/Milestone:

3.10.0

Start date:

Due date:

% Done:

100%

Estimated time:

Platform Release:

Groomed:

Sprint Candidate:

Tags:

Sprint:

Quarter:

Description

Looks like pulpcore 3.10.0.dev is not providing a default access policy for /pulp/api/v3/groups/<id>/users/ and as a result non-admin users can't modify users in a group using that URL.

Related issues

Associated revisions

Revision 1127e5c6 View on GitHub
Added by mdellweg 3 months ago

Add RBAC to the group users endpoint

fixes #8160 https://pulp.plan.io/issues/8160

History

#1 Updated by dkliban@redhat.com 3 months ago

Copied from Story #8159: as a user with 'auth.view_group' permission i can GET /pulp/api/v3/groups/ added

#2 Updated by ipanova@redhat.com 3 months ago

Sprint/Milestone set to 3.10.0

#3 Updated by mdellweg 3 months ago

Status changed from NEW to ASSIGNED
Assignee set to mdellweg

#4 Updated by mdellweg 3 months ago

Tracker changed from Issue to Story
Subject changed from user with 'auth.change_group' permission receives 403 on POST /pulp/api/v3/groups/3/users/ to as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/
% Done set to 0
Severity deleted (~~2. Medium~~)
Triaged deleted (No)