788314 – Require site admin permissions for write access to the REST API

Bug 788314 - Require site admin permissions for write access to the REST API

Summary: Require site admin permissions for write access to the REST API

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	PulpDist
Classification:	Community
Component:	Web App
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	0.1.0
Assignee:	Nick Coghlan
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-02-08 02:34 UTC by Nick Coghlan
Modified:	2012-05-23 08:25 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-05-23 08:25:58 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nick Coghlan 2012-02-08 02:34:42 UTC

If you're logged in as an ordinary user:

- all modification operations (POST, PUT, DELETE) for server resources should be disallowed
- when browsing the REST API as HTML, the relevant forms and submit buttons should not be displayed

Comment 1 Nick Coghlan 2012-02-14 07:15:04 UTC

Move Web App issues to 0.2.0 - 0.1.0 will report sync status via the Management CLI.

Comment 2 Nick Coghlan 2012-05-23 08:25:58 UTC

Non-admins are limited to GET and HEAD requests, operations are displayed only if supported by both the underlying API and the current user.

Note You need to log in before you can comment on or make changes to this bug.