Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authentication permission #4442

Closed
TenGbps opened this issue Dec 28, 2017 · 0 comments
Closed

authentication permission #4442

TenGbps opened this issue Dec 28, 2017 · 0 comments
Assignees
Milestone

Comments

@TenGbps
Copy link

@TenGbps TenGbps commented Dec 28, 2017

Authentication permission are not return by /api/system/permissions

public static final String AUTHENTICATION_READ = "authentication:read";
public static final String AUTHENTICATION_EDIT = "authentication:edit";

Linked with #4420

capture

You can add manually the both permissions for bug #4420 fix

  • Graylog Version: 2.4.0
  • Elasticsearch Version: 5.5.1
  • MongoDB Version: 2.6.12
  • Operating System: CentOS7
  • Browser version: Firefox 58
@kroepke kroepke assigned kroepke and unassigned dennisoelkers Jan 17, 2018
@kroepke kroepke added this to the 2.4.1 milestone Jan 17, 2018
@ghost ghost added the in progress label Jan 17, 2018
@bernd bernd closed this in #4488 Jan 18, 2018
bernd added a commit that referenced this issue Jan 18, 2018
* include authentication permissions in meta resource

fixes #4442

* filter authentication provider information by realm names

instead of requiring a global permission, apply the permission check to each
realm to be returned.
this makes it possible to assign more finely grained access, but more importantly
allows the call to succeed even if the user cannot see any realm configuration
in that case the set is merely empty, but it is not a permission violation

this allows users to edit their own profile again

fixes #4420
@ghost ghost removed the in progress label Jan 18, 2018
bernd added a commit that referenced this issue Jan 18, 2018
* include authentication permissions in meta resource

fixes #4442

* filter authentication provider information by realm names

instead of requiring a global permission, apply the permission check to each
realm to be returned.
this makes it possible to assign more finely grained access, but more importantly
allows the call to succeed even if the user cannot see any realm configuration
in that case the set is merely empty, but it is not a permission violation

this allows users to edit their own profile again

fixes #4420

(cherry picked from commit 5a4376d)
@ghost ghost assigned bernd Jan 18, 2018
kroepke added a commit that referenced this issue Jan 19, 2018
* include authentication permissions in meta resource

fixes #4442

* filter authentication provider information by realm names

instead of requiring a global permission, apply the permission check to each
realm to be returned.
this makes it possible to assign more finely grained access, but more importantly
allows the call to succeed even if the user cannot see any realm configuration
in that case the set is merely empty, but it is not a permission violation

this allows users to edit their own profile again

fixes #4420

(cherry picked from commit 5a4376d)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

5 participants