Bug 788314

Summary: Require site admin permissions for write access to the REST API
Product: [Community] PulpDist
Component: Web App
Reporter: Nick Coghlan <ncoghlan>
Assignee: Nick Coghlan <ncoghlan>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Version: unspecified
Target Milestone: 0.1.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-05-23 08:25:58 UTC

Description Nick Coghlan 2012-02-08 02:34:42 UTC
If you're logged in as an ordinary user:

- all modification operations (POST, PUT, DELETE) for server resources should be disallowed
- when browsing the REST API as HTML, the relevant forms and submit buttons should not be displayed

Comment 1 Nick Coghlan 2012-02-14 07:15:04 UTC
Move Web App issues to 0.2.0 - 0.1.0 will report sync status via the Management CLI.

Comment 2 Nick Coghlan 2012-05-23 08:25:58 UTC
Non-admins are limited to GET and HEAD requests; operations are displayed only if supported by both the underlying API and the current user.
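
The policy this bug describes, as an added example in plain Python (not PulpDist's own code): one function computes the methods allowed for a user on a resource, and both the server-side check and the HTML form rendering call it, so hiding a form is never the only control. The `User`, `Resource`, `dispatch` and `visible_forms` names and the sample paths are hypothetical.

```python
from dataclasses import dataclass

SAFE_METHODS = frozenset({"GET", "HEAD"})            # read-only methods
WRITE_METHODS = frozenset({"POST", "PUT", "DELETE"})  # modification methods

@dataclass(frozen=True)
class User:                    # hypothetical user model
    name: str
    is_site_admin: bool = False

@dataclass(frozen=True)
class Resource:                # hypothetical REST resource
    path: str
    supported: frozenset       # methods the underlying API implements

def permitted_methods(user):
    """Methods the user's role may use on any resource."""
    return SAFE_METHODS | WRITE_METHODS if user.is_site_admin else SAFE_METHODS

def allowed_methods(resource, user):
    """Single source of truth: supported by the API AND permitted for the user."""
    return resource.supported & permitted_methods(user)

def dispatch(resource, user, method):
    """Server-side enforcement; returns the HTTP status code to send."""
    method = method.upper()
    if method not in resource.supported:
        return 405             # not implemented for anyone
    if method not in allowed_methods(resource, user):
        return 403             # implemented, but not for this user
    return 200

def visible_forms(resource, user):
    """Write operations the HTML view should render forms and buttons for."""
    return sorted(allowed_methods(resource, user) & WRITE_METHODS)

# Constructed sample data (paths are placeholders, not real API routes)
ADMIN = User("admin", is_site_admin=True)
ALICE = User("alice")
WRITABLE = Resource("/example/writable/", frozenset({"GET", "HEAD", "POST", "DELETE"}))
READ_ONLY = Resource("/example/readonly/", frozenset({"GET", "HEAD"}))

if __name__ == "__main__":
    for user in (ADMIN, ALICE):
        for res in (WRITABLE, READ_ONLY):
            statuses = {m: dispatch(res, user, m) for m in ("GET", "POST", "PUT")}
            print(user.name, res.path, visible_forms(res, user), statuses)
```
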