Actions
Story #8160
closed
as a user with 'auth.change_group' permission i can POST /pulp/api/v3/groups/3/users/
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Looks like pulpcore 3.10.0.dev is not providing a default access policy for /pulp/api/v3/groups/<id>/users/ and as a result non-admin users can't modify users in a group using that URL.
Related issues
Actions
.
Add RBAC to the group users endpoint
fixes #8160 https://pulp.plan.io/issues/8160