New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Checking user privileges before performing Input State operations. #4455

Merged
merged 1 commit into from Jan 4, 2018

Conversation

Projects
None yet
2 participants
@dennisoelkers
Member

dennisoelkers commented Jan 4, 2018

Description

Motivation and Context

Before this change, any user was able to start/stop inputs without the
possession of the required privileges. The InputStatesResource class
did not perform any permission checks for operations.

After this change, a user who starts/stops an input requires the newly
introduced inputs:changestate permission (consistent with permission
handling of indices/processing/streams) in order to perform these
state changes.

Fixes #4439.

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
Checking user privileges before performing Input State operations. (#…
…4454)

* Checking user privileges before performing Input State operations.

Before this change, any user was able to start/stop inputs without the
possession of the required privileges. The `InputStatesResource` class
did not perform any permission checks for operations.

After this change, a user who starts/stops an input requires the newly
introduced `inputs:changestate` permission (consistent with permission
handling of indices/processing/streams) in order to perform these
state changes.

Fixes #4439.

* Adding new permission to set containing all permissions.

(cherry picked from commit 6680fa6)
@bernd

bernd approved these changes Jan 4, 2018

LGTM 👍

@bernd bernd merged commit e8f3cad into 2.4 Jan 4, 2018

1 of 5 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 2154 has failed
Details
graylog-project/pr Jenkins build graylog-project-pr-snapshot 861 has failed
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
continuous-integration/travis-ci/push The Travis CI build is in progress
Details
license/cla Contributor License Agreement is signed.
Details

@wafflebot wafflebot bot removed the ready-for-review label Jan 4, 2018

@bernd bernd deleted the issue-4439-2.4 branch Jan 4, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment