Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check auth realm access on instance level (#4488) #4494

Merged
merged 1 commit into from Jan 19, 2018
Merged

Conversation

@bernd
Copy link
Member

@bernd bernd commented Jan 18, 2018

  • include authentication permissions in meta resource

fixes #4442

  • filter authentication provider information by realm names

instead of requiring a global permission, apply the permission check to each
realm to be returned.
this makes it possible to assign more finely grained access, but more importantly
allows the call to succeed even if the user cannot see any realm configuration
in that case the set is merely empty, but it is not a permission violation

this allows users to edit their own profile again

fixes #4420

(cherry picked from commit 5a4376d)

* include authentication permissions in meta resource

fixes #4442

* filter authentication provider information by realm names

instead of requiring a global permission, apply the permission check to each
realm to be returned.
this makes it possible to assign more finely grained access, but more importantly
allows the call to succeed even if the user cannot see any realm configuration
in that case the set is merely empty, but it is not a permission violation

this allows users to edit their own profile again

fixes #4420

(cherry picked from commit 5a4376d)
@bernd bernd added this to the 2.4.1 milestone Jan 18, 2018
@bernd bernd requested a review from kroepke Jan 18, 2018
@ghost ghost assigned bernd Jan 18, 2018
@bernd bernd removed their assignment Jan 18, 2018
@kroepke kroepke merged commit 00f3079 into 2.4 Jan 19, 2018
4 of 5 checks passed
4 of 5 checks passed
ci-web-linter Jenkins build graylog-pr-linter-check 2189 has failed
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
graylog-project/pr Jenkins build graylog-project-pr-snapshot 915 has succeeded
Details
license/cla Contributor License Agreement is signed.
Details
@kroepke kroepke deleted the auth-permissions-2.4 branch Jan 19, 2018
@ghost ghost removed the ready-for-review label Jan 19, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.