Bug 1376753 - forbidden to read policies and policy_profiles using REST API
Summary: forbidden to read policies and policy_profiles using REST API
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: GA
Target Release: 5.7.0
Assignee: Šimon Lukašík
QA Contact: Martin Kourim
URL:
Whiteboard: api:rest
Depends On:
Blocks:
 
Reported: 2016-09-16 10:24 UTC by Martin Kourim
Modified: 2017-01-04 13:00 UTC

Fixed In Version: 5.7.0.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-04 13:00:51 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHBA-2017:0012
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: CFME 5.7.0 bug fixes and enhancement update
Last Updated: 2017-01-04 17:50:36 UTC

Description Martin Kourim 2016-09-16 10:24:55 UTC
Description of problem:

Trying to GET /api/policies or /api/policy_profiles results in

{"error":{"kind":"forbidden","message":"Use of the read action is forbidden","klass":"Api::BaseController::Forbidden"}}


Version-Release number of selected component (if applicable):
5.7.0.0


How reproducible:
always

Comment 3 CFME Bot 2016-09-20 23:05:59 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/72a4e6bd803e946765d3769073141c39c689679d

commit 72a4e6bd803e946765d3769073141c39c689679d
Author:     Šimon Lukašík <isimluk>
AuthorDate: Mon Sep 19 11:57:38 2016 +0200
Commit:     Šimon Lukašík <isimluk>
CommitDate: Mon Sep 19 13:43:52 2016 +0200

    API: Fix permissions on /api/policy_profiles
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1376753
    
    The profile_show_list did not exist, as a result the /api/profiles
    entrypoint was returning Forbidden.

 config/api.yml                       | 6 +++---
 db/fixtures/miq_product_features.yml | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

Comment 4 CFME Bot 2016-09-20 23:06:03 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/af66451b150b62617076c9e3bcd20d9ceb0702ec

commit af66451b150b62617076c9e3bcd20d9ceb0702ec
Author:     Šimon Lukašík <isimluk>
AuthorDate: Mon Sep 19 11:36:38 2016 +0200
Commit:     Šimon Lukašík <isimluk>
CommitDate: Mon Sep 19 11:42:19 2016 +0200

    API: Fix permissions on /api/policies
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1376753
    
    The policy_show_list and policy_show did not exist, as a result anyone
    trying to use this entrypoint discovered a Forbidden exception.
    
    The policy_view feature seems to be just enough, I can see no need for
    fine-grained _show and _show_list.
    
    Note that tests were passing just ok on /api/policies, that is because
    we explicitly call 'api_basic_authorize :policy_show_list'. We need
    another test to ensure that identifiers are valid.

 config/api.yml                       | 6 +++---
 db/fixtures/miq_product_features.yml | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
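
Comment 4 notes that nothing checked whether the feature identifiers named in config/api.yml exist in db/fixtures/miq_product_features.yml. The following added example (not ManageIQ code and not part of this bug report) shows such a check in Ruby. The YAML layouts, the vms entry and the method names are constructed assumptions; only the policy and profile identifiers come from the commit messages.

```ruby
require "yaml"
require "set"

# Constructed, simplified stand-in for the API config: every action names the
# product feature identifier that authorizes it (layout is an assumption).
API_CONFIG = YAML.safe_load(<<~YML)
  collections:
    policies:
      - {scope: collection, verb: get, name: read, identifier: policy_show_list}
      - {scope: resource, verb: get, name: read, identifier: policy_show}
    policy_profiles:
      - {scope: collection, verb: get, name: read, identifier: profile_show_list}
    vms:
      - {scope: collection, verb: get, name: read, identifier: vm_show_list}
YML

# Constructed feature tree: only identifiers defined here can be granted to a role.
FEATURES = YAML.safe_load(<<~YML)
  identifier: everything
  children:
    - identifier: policy_view
    - identifier: vm
      children:
        - identifier: vm_show_list
YML

# Collect every identifier defined anywhere in the feature tree.
def feature_identifiers(node, acc = Set.new)
  acc << node["identifier"]
  Array(node["children"]).each { |child| feature_identifiers(child, acc) }
  acc
end

# List actions whose identifier is not a defined feature. No role can hold
# such a feature, so the action is forbidden for every caller.
def dangling_identifiers(api, features)
  known = feature_identifiers(features)
  api.fetch("collections").flat_map do |collection, actions|
    actions.reject { |a| known.include?(a["identifier"]) }
           .map { |a| "#{collection} #{a['scope']} #{a['verb']}: #{a['identifier']}" }
  end
end

puts dangling_identifiers(API_CONFIG, FEATURES)
```

Run as a unit test against the real files, a non-empty result fails the build before an endpoint ships that every role is denied.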

Comment 5 Martin Kourim 2016-10-06 12:34:37 UTC
Verified that it's possible to GET /api/policies and /api/policy_profiles

Comment 7 errata-xmlrpc 2017-01-04 13:00:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html

