Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUN-945: Return basic Rundeck server info without any authorization. #7772

Merged
merged 3 commits into from
Jun 15, 2022
Merged

RUN-945: Return basic Rundeck server info without any authorization. #7772

merged 3 commits into from
Jun 15, 2022

Conversation

carlosrfranco
Copy link
Contributor

Is this a bugfix, or an enhancement? Please describe.
"Process Automation" menu does not work if the user does not have read access

Describe the solution you've implemented
The /server/info endpoint was changed to accept request without any authorization and returns only basic info. All other info is included if the user has read access

@carlosrfranco
RUN-945 return basic rundeck server info without any authorization. I…
9bc75b8 
…f user has READ access, all other data is included
@carlosrfranco carlosrfranco added this to the 4.4.0 milestone Jun 14, 2022
@carlosrfranco carlosrfranco self-assigned this Jun 14, 2022
@mergify mergify bot added the 4.x label Jun 14, 2022
ehe-pd
ehe-pd reviewed Jun 15, 2022
View reviewed changes
rundeckapp/grails-app/controllers/rundeck/controllers/ApiController.groovy
)
]

if(authorizingSystem.isAuthorized(RundeckAccess.System.READ_OR_OPS_ADMIN)){
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the difference between RundeckAccess.System.AUTH_READ_OR_OPS_ADMIN and RundeckAccess.System.READ_OR_OPS_ADMIN?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RundeckAccess.System.AUTH_READ_OR_OPS_ADMIN is a string to name auth actions and RundeckAccess.System.READ_OR_OPS_ADMIN is the auth action

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like a duplication.
When I checked the source code, I found

put(AUTH_READ_OR_OPS_ADMIN, READ_OR_OPS_ADMIN);

which indicates those two things are 1:1 matched.

I think there is an opportunity to improve the code. Let's plan it in another PR.

Thanks.

ehe-pd
ehe-pd reviewed Jun 15, 2022
View reviewed changes
Copy link
Contributor

@ehe-pd ehe-pd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix can solve the problem. There are some minor improvements that should be addressed.

ehe-pd
ehe-pd approved these changes Jun 15, 2022
View reviewed changes
Copy link
Contributor

@ehe-pd ehe-pd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested. It worked as expected.

@carlosrfranco carlosrfranco merged commit 929bc46 into main Jun 15, 2022
@carlosrfranco carlosrfranco deleted the RUN-945-show-server-info branch June 15, 2022 21:22
@fdevans fdevans changed the title RUN-945 return basic rundeck server info without any authorization. RUN-945: Return basic Rundeck server info without any authorization. Jun 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehe-pd ehe-pd ehe-pd approved these changes

Assignees

@carlosrfranco carlosrfranco

Labels
4.x
Projects
None yet
Milestone
4.4.0
Development

Successfully merging this pull request may close these issues.
2 participants
@carlosrfranco @ehe-pd