From ce6efad1ffef0a8fd08e01446fd0f46ad903caf6 Mon Sep 17 00:00:00 2001 From: Dennis Kliban Date: Tue, 16 Jan 2024 15:08:37 -0500 Subject: [PATCH] Casts a repository object before checking permission on it. fixes: #4932 --- CHANGES/4932.bugfix | 1 + pulpcore/app/global_access_conditions.py | 2 +- pulpcore/tests/functional/api/pulp_file/test_rbac.py | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 CHANGES/4932.bugfix diff --git a/CHANGES/4932.bugfix b/CHANGES/4932.bugfix new file mode 100644 index 0000000000..c8b629773d --- /dev/null +++ b/CHANGES/4932.bugfix @@ -0,0 +1 @@ +Fixed a bug where publications couldn't be created from repository versions when usig RBAC. diff --git a/pulpcore/app/global_access_conditions.py b/pulpcore/app/global_access_conditions.py index 3edf264292..5720f78eb0 100644 --- a/pulpcore/app/global_access_conditions.py +++ b/pulpcore/app/global_access_conditions.py @@ -426,7 +426,7 @@ def has_repo_or_repo_ver_param_model_or_domain_or_obj_perms(request, view, actio if repository := serializer.validated_data.get("repository"): return request.user.has_perm(permission, repository) elif repo_ver := serializer.validated_data.get("repository_version"): - return request.user.has_perm(permission, repo_ver.repository) + return request.user.has_perm(permission, repo_ver.repository.cast()) return True diff --git a/pulpcore/tests/functional/api/pulp_file/test_rbac.py b/pulpcore/tests/functional/api/pulp_file/test_rbac.py index 818175cc16..b9da5e1808 100644 --- a/pulpcore/tests/functional/api/pulp_file/test_rbac.py +++ b/pulpcore/tests/functional/api/pulp_file/test_rbac.py @@ -267,6 +267,9 @@ def test_object_creation( try_action( bob, file_publication_api_client, "create", 403, {"repository": admin_repo.pulp_href} ) + pub_from_repo_version = try_action( + bob, file_publication_api_client, "create", 202, {"repository_version": repo.latest_version_href} + ) pub = try_action( bob, file_publication_api_client, "create", 202, {"repository": repo.pulp_href} )