Description of problem: Trying to GET /api/policies or /api/policy_profiles results in {"error":{"kind":"forbidden","message":"Use of the read action is forbidden","klass":"Api::BaseController::Forbidden"}} Version-Release number of selected component (if applicable): 5.7.0.0 How reproducible: always
https://github.com/ManageIQ/manageiq/pull/11364
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/72a4e6bd803e946765d3769073141c39c689679d commit 72a4e6bd803e946765d3769073141c39c689679d Author: Šimon Lukašík <isimluk> AuthorDate: Mon Sep 19 11:57:38 2016 +0200 Commit: Šimon Lukašík <isimluk> CommitDate: Mon Sep 19 13:43:52 2016 +0200 API: Fix permissions on /api/policy_profiles https://bugzilla.redhat.com/show_bug.cgi?id=1376753 The profile_show_list did not exists, as result the /api/profiles entrypoint was returning Forbidden. config/api.yml | 6 +++--- db/fixtures/miq_product_features.yml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/af66451b150b62617076c9e3bcd20d9ceb0702ec commit af66451b150b62617076c9e3bcd20d9ceb0702ec Author: Šimon Lukašík <isimluk> AuthorDate: Mon Sep 19 11:36:38 2016 +0200 Commit: Šimon Lukašík <isimluk> CommitDate: Mon Sep 19 11:42:19 2016 +0200 API: Fix permissions on /api/policies https://bugzilla.redhat.com/show_bug.cgi?id=1376753 The policy_show_list and policy_show did not exists, as a result anyone trying to use this entrypoint discovered Forbidden exception. The policy_view feature seems to be just enough, I can see no need for fine grained _show and _show_list. Note that tests were passing just ok on /api/policies, that is because we explicitly call 'api_basic_authorize :policy_show_list'. We need another test to ensure that identifiers are valid. config/api.yml | 6 +++--- db/fixtures/miq_product_features.yml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-)
Verified that it's possible to GET /api/policies and /api/policy_profiles
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2017-0012.html