Checking user privileges before performing Input State operations. #4454

Merged
merged 2 commits into from Jan 4, 2018

dennisoelkers commented Jan 4, 2018

Description

Motivation and Context

Before this change, any user was able to start/stop inputs without the
possession of the required privileges. The InputStatesResource class
did not perform any permission checks for operations.

After this change, a user who starts/stops an input requires the newly
introduced inputs:changestate permission (consistent with permission
handling of indices/processing/streams) in order to perform these
state changes.

Fixes #4439.

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
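
The missing check described in this pull request, reduced to a self-contained Java sketch that puts the unchecked and checked versions of a stop operation side by side (an added example, not code from the PR or from Graylog). All class and method names, the wildcard matching rule, the per-input scoping and the sample grants are assumptions; only the permission strings come from the page.

```java
import java.util.*;
// Added illustration: class and method names are hypothetical, not Graylog's.
public class InputStateAuthzDemo {
    static final String INPUTS_CHANGESTATE = "inputs:changestate"; // string from the PR
    static final Map<String, Boolean> running = new HashMap<>();

    // Assumed matching rule: colon-separated parts, "*" matches any part,
    // and a shorter grant covers every more specific request.
    static boolean implies(String granted, String requested) {
        String[] g = granted.split(":"), r = requested.split(":");
        for (int i = 0; i < g.length; i++) {
            if (g[i].equals("*")) continue;
            if (i >= r.length || !g[i].equals(r[i])) return false;
        }
        return true;
    }

    static boolean isPermitted(Set<String> grants, String permission, String id) {
        return grants.stream().anyMatch(g -> implies(g, permission + ":" + id));
    }

    // Before the fix: the state change runs with no permission check at all.
    static void stopUnchecked(String inputId) { running.put(inputId, false); }

    // After the fix: deny by default unless the caller holds the permission.
    static void stopChecked(Set<String> grants, String inputId) {
        if (!isPermitted(grants, INPUTS_CHANGESTATE, inputId))
            throw new SecurityException("missing " + INPUTS_CHANGESTATE + ":" + inputId);
        running.put(inputId, false);
    }

    static void attempt(String user, Set<String> grants, String inputId) {
        try {
            stopChecked(grants, inputId);
            System.out.println(user + ": stopped " + inputId);
        } catch (SecurityException e) {
            System.out.println(user + ": denied (" + e.getMessage() + ")");
        }
    }

    public static void main(String[] args) {
        running.put("in-1", true);
        stopUnchecked("in-1"); // any caller gets this far without the check
        // Constructed grants; scoping a grant to one input id is an assumption.
        attempt("reader", Set.of("indices:read"), "in-1");
        attempt("operator", Set.of("inputs:changestate:in-1"), "in-1");
        attempt("operator", Set.of("inputs:changestate:in-1"), "in-2");
        attempt("admin", Set.of("*"), "in-2");
    }
}
```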

Checking user privileges before performing Input State operations.
Before this change, any user was able to start/stop inputs without the
possession of the required privileges. The `InputStatesResource` class
did not perform any permission checks for operations.

After this change, a user who starts/stops an input requires the newly
introduced `inputs:changestate` permission (consistent with permission
handling of indices/processing/streams) in order to perform these
state changes.

Fixes #4439.
@@ -67,6 +67,7 @@
public static final String INDICES_DELETE = "indices:delete";
public static final String INDICES_FAILURES = "indices:failures";
public static final String INDICES_READ = "indices:read";
public static final String INPUTS_CHANGESTATE = "inputs:changestate";
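
Review bot: the `INPUTS_CHANGESTATE` constant on the last line of this hunk is only declared; nothing in the visible lines registers it with the other permissions or grants it to any role, so users who could start/stop inputs before this change will be denied until `inputs:changestate` is assigned to them. Suggest registering the constant wherever the neighbouring `INDICES_*` values are collected, calling out the new permission in the upgrade notes, and adding a test that a start/stop request from a user without `inputs:changestate` is rejected while one with it succeeds.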

bernd Jan 4, 2018

Please add the new INPUTS_CHANGESTATE permission to the PERMISSIONS Set below.

bernd approved these changes Jan 4, 2018

LGTM 👍

@bernd bernd merged commit 6680fa6 into master Jan 4, 2018

5 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 2152 has succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
graylog-project/pr Jenkins build graylog-project-pr-snapshot 858 has succeeded
license/cla Contributor License Agreement is signed.

@wafflebot wafflebot bot removed the ready-for-review label Jan 4, 2018

@bernd bernd deleted the issue-4439 branch Jan 4, 2018

dennisoelkers added a commit that referenced this pull request Jan 4, 2018

Checking user privileges before performing Input State operations. (#4454)

* Checking user privileges before performing Input State operations.

* Adding new permission to set containing all permissions.

(cherry picked from commit 6680fa6)

bernd added a commit that referenced this pull request Jan 4, 2018

Checking user privileges before performing Input State operations. (#4454) (#4455)

* Checking user privileges before performing Input State operations.

* Adding new permission to set containing all permissions.

(cherry picked from commit 6680fa6)

@dennisoelkers dennisoelkers modified the milestones: 2.4.1, 3.0.0 Jan 11, 2018