Fixes #18626: Popup error on group page with a readonly user in 6.2

Normation · Nov 20, 2020 · 8bdcc84 · 8bdcc84
1 parent 7e92207
commit 8bdcc84
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/...ces/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/EndpointsDefinition.scala b/...ces/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/EndpointsDefinition.scala
@@ -267,6 +267,10 @@ object NodeApi extends ApiModuleProvider[NodeApi] {
     val description = "Accept or refuse pending nodes"
     val (action, path)  = POST / "nodes" / "pending"
   }
+
+  // WARNING: read_only user can access this endpoint
+  //    No modifications are performed here
+  //    POST over GET is required here because we can provide too many information to be passed as URL parameters
   final case object NodeDetailsTable extends NodeApi with InternalApi with ZeroParam  with StartsAtVersion13 with SortIndex { val z = implicitly[Line].value
     val description = "Getting data to build a Node table"
     val (action, path)  = POST / "nodes" / "details"

diff --git a/.../sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/RoleApiMapping.scala b/.../sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/RoleApiMapping.scala
@@ -138,13 +138,14 @@ final case object OnlyAdmin extends AuthorizationApiMapping {
         case Directive.Edit       => DirectiveApi.UpdateDirective.x :: Nil
 
         case Group.Read           => GroupApi.ListGroups.x :: GroupApi.GroupDetails.x :: GroupApi.GetGroupTree.x ::
-                                     GroupApi.GetGroupCategoryDetails.x :: GroupApi.GroupInheritedProperties.x :: Nil
+                                     GroupApi.GetGroupCategoryDetails.x :: GroupApi.GroupInheritedProperties.x ::
+                                     NodeApi.NodeDetailsTable.x :: Nil
         case Group.Write          => GroupApi.CreateGroup.x :: GroupApi.DeleteGroup.x :: GroupApi.ReloadGroup.x ::
                                      GroupApi.DeleteGroupCategory.x :: GroupApi.CreateGroupCategory.x :: Nil
         case Group.Edit           => GroupApi.UpdateGroup.x :: GroupApi.UpdateGroupCategory.x :: Nil
 
         case Node.Read            => NodeApi.ListAcceptedNodes.x :: NodeApi.ListPendingNodes.x :: NodeApi.NodeDetails.x ::
-                                     NodeApi.NodeInheritedProperties.x ::
+                                     NodeApi.NodeInheritedProperties.x :: NodeApi.NodeDetailsTable.x ::
                                      // node read also allows to read some settings
                                      AuthzForApi.withValues(SettingsApi.GetSetting, AclPathSegment.Segment("global_policy_mode") :: Nil ) ::
                                      AuthzForApi.withValues(SettingsApi.GetSetting, AclPathSegment.Segment("global_policy_mode_overridable") :: Nil ) ::

diff --git a/...pp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/lift/NodeApi.scala b/...pp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/lift/NodeApi.scala
@@ -416,6 +416,9 @@ class NodeApi (
     }
   }
 
+  // WARNING : This is a READ ONLY action
+  //   No modifications will be performed
+  //   read_only user can access this endpoint
   object NodeDetailsTable extends LiftApiModule0 {
     val schema = API.NodeDetailsTable
     val restExtractor = restExtractorService