Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No user isn't an admin user anymore #991

Merged
merged 3 commits into from Apr 15, 2016
Merged

No user isn't an admin user anymore #991

merged 3 commits into from Apr 15, 2016

Conversation

Calvinp
Copy link
Contributor

@Calvinp Calvinp commented Apr 7, 2016

The admin check would give you admin rights if you were logged in as no user.
This fixes that.

@tpetr please take a look - it is possible that there is a good reason for what Singularity was doing that I don't know about.

@ssalinas
Copy link
Member

ssalinas commented Apr 7, 2016

👍 I can't think of a reason where having no user should allow you any admin actions

@tpetr
Copy link
Contributor

tpetr commented Apr 7, 2016

LGTM, thanks. Let's be sure to test out the endpoints that use this method in the test cluster to make sure there aren't any side effects.

@tpetr
Copy link
Contributor

tpetr commented Apr 7, 2016

On second thought, Unauthorized is the more correct response to return if the user is not present: http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses

I'd suggest copying what we do elsewhere and use the checkUnauthorized() method before checkForbidden()

@tpetr
Copy link
Contributor

tpetr commented Apr 7, 2016

🎈

@Calvinp Calvinp added the hs_qa label Apr 8, 2016
@ssalinas ssalinas modified the milestone: 0.6.0 Apr 11, 2016
@ssalinas
Copy link
Member

ssalinas commented Apr 15, 2016

Thanks for the fix @Calvinp

@ssalinas ssalinas merged commit b495521 into master Apr 15, 2016
@ssalinas ssalinas deleted the no-user-isnt-admin branch Apr 15, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants