Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
apiserver: allow AllWatcher access even without controller login access #6453
Conversation
|
!!build!! |
|
$$merge$$ |
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
jujubot
merged commit 2744413
into
juju:develop
Oct 18, 2016
1 check failed
github-check-merge-juju
Built PR, ran unit tests, and tested LXD deploy.
Details
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
rogpeppe commentedOct 14, 2016
A watcher is special in that it can't do anything unless a resource
has already been created (with a Watch method). That means
that the important place to check permissions is when the
watcher resource is created, not when the watcher is used.
The permission check removed here was both unnecesssary
(as described above) and insufficient (the user might have login
access to the controller but no access to the model being watched,
for example).