MAAS

[2.5, RBAC, API, UI] Auditors are allowed to create devices

Bug #1812402 reported by Björn Tillenius
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
High
Alberto Donato
MAAS 2.6.0rc1
2.5
Fix Committed
Medium
Alberto Donato
MAAS 2.5.x

Bug Description

This is with MAAS 2.5.1-7489-g2f25a2cc0-0ubuntu1~18.04.1 and RBAC enabled.

I have a user that has no other roles in MAAS than auditor on a resource
pool.

Even though an auditor is supposed to have only view permissions, he
can still create new devices, both in the UI and in the API.

Tags: api rbac ui

Related branches

~ack/maas:backport-1812402
Alberto Donato (community): Approve
Diff: 137 lines (+55/-1)
6 files modified
src/maasserver/api/devices.py (+3/-0)
src/maasserver/api/tests/test_devices.py (+9/-0)
src/maasserver/forms/__init__.py (+5/-0)
src/maasserver/forms/tests/test_device.py (+32/-0)
src/maasserver/websockets/base.py (+3/-0)
src/maasserver/websockets/handlers/tests/test_device.py (+3/-1)
~ack/maas:1812402-create-device-rbac
Blake Rouse (community): Approve
Diff: 137 lines (+55/-1)
6 files modified
src/maasserver/api/devices.py (+3/-0)
src/maasserver/api/tests/test_devices.py (+9/-0)
src/maasserver/forms/__init__.py (+5/-0)
src/maasserver/forms/tests/test_device.py (+32/-0)
src/maasserver/websockets/base.py (+3/-0)
src/maasserver/websockets/handlers/tests/test_device.py (+3/-1)
Björn Tillenius (bjornt)
tags: added: api rbac ui
Changed in maas:
status: New → Triaged
importance: Undecided → High
milestone: none → 2.5.1
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.1 → 2.5.2
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.2 → 2.5.3
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.3 → 2.6.0beta2
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0beta2 → 2.6.0rc1
Alberto Donato (ack)
Changed in maas:
assignee: nobody → Alberto Donato (ack)
Alberto Donato (ack)
Changed in maas:
status: Triaged → In Progress
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0rc1 → 2.6.0rc2
milestone: 2.6.0rc2 → 2.6.0rc1
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0rc1 → 2.6.0rc2
MAAS Lander (maas-lander)
Changed in maas:
status: In Progress → Fix Committed
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0rc2 → 2.6.0rc1
Andres Rodriguez (andreserl)
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.