Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No user isn't an admin user anymore #991

Merged
merged 3 commits into from Apr 15, 2016
Merged

No user isn't an admin user anymore #991

merged 3 commits into from Apr 15, 2016

Conversation

@Calvinp
Copy link
Contributor

Calvinp commented Apr 7, 2016

The admin check would give you admin rights if you were logged in as no user.
This fixes that.

@tpetr please take a look - it is possible that there is a good reason for what Singularity was doing that I don't know about.

@ssalinas
Copy link
Member

ssalinas commented Apr 7, 2016

👍 I can't think of a reason where having no user should allow you any admin actions

@tpetr
Copy link
Member

tpetr commented Apr 7, 2016

LGTM, thanks. Let's be sure to test out the endpoints that use this method in the test cluster to make sure there aren't any side effects.

@Calvinp Calvinp added the hs_staging label Apr 7, 2016
@tpetr
Copy link
Member

tpetr commented Apr 7, 2016

On second thought, Unauthorized is the more correct response to return if the user is not present: http://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses

I'd suggest copying what we do elsewhere and use the checkUnauthorized() method before checkForbidden()

@tpetr

This comment has been minimized.

we should be checking for unauthorized regardless of what adminGroups is

@tpetr
Copy link
Member

tpetr commented Apr 7, 2016

🎈

@Calvinp Calvinp added the hs_qa label Apr 8, 2016
@ssalinas ssalinas modified the milestone: 0.6.0 Apr 11, 2016
@Calvinp Calvinp added the hs_stable label Apr 14, 2016
@ssalinas
Copy link
Member

ssalinas commented Apr 15, 2016

Thanks for the fix @Calvinp

@ssalinas ssalinas merged commit b495521 into master Apr 15, 2016
1 of 2 checks passed
1 of 2 checks passed
continuous-integration/travis-ci/pr The Travis CI build failed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
@ssalinas ssalinas deleted the no-user-isnt-admin branch Apr 15, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.