Fixes #15490 - adding view_host filter and improving error messages #2428
Conversation
@@ -317,7 +317,7 @@ | |||
:externalNodes, :pxe_config, :storeconfig_klasses, :auto_complete_search, :bmc, | |||
:runtime, :resources, :templates, :overview, :nics], | |||
:dashboard => [:OutOfSync, :errors, :active], | |||
:unattended => [:template, :provision], | |||
:unattended => [:template, :provision] + TemplateKind.all.map(&:name).map(&:to_sym), |
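Review bot: `TemplateKind.all.map(&:name).map(&:to_sym)` on the `:unattended` line runs a database query every time this permission map is evaluated, and the map is loaded from an initializer (config/initializers/foreman.rb) where ActiveRecord should not be touched. A static list shared with db/seeds.d/07-config_templates.rb avoids the query and makes a plugin-added kind an explicit decision rather than an implicit grant under `view_hosts`; the two chained `map` calls can also collapse into one `map { |kind| kind.name.to_sym }`.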
avoid double map, TemplateKind.all.map { |kind| kind.name.to_sym }
also I'd prefer using some hard list (maybe just put this into constant https://github.com/theforeman/foreman/blob/develop/db/seeds.d/07-config_templates.rb#L9),
- one reason is that if plugin introduces new kind it should also map it's own permission, this would allow to review any custom template kind with view_host permission
- second is that this is required in initializer https://github.com/theforeman/foreman/blob/develop/config/initializers/foreman.rb#L1 and it's good to avoid using AR there
In the Redmine issue you've mentioned
Yeah, changed my mind because it looks like
Branch force-pushed from ea3fd32 to 36d0f89.
Fixed, what do you think?
Branch force-pushed from 36d0f89 to ef1bdb1.
Fixed failing tests. FYI these were expecting incorrect behavior. If you test this, the controller errors out with an "Undefined method: layout" error because layout is actually not usable with this particular controller.
@@ -312,12 +312,13 @@ | |||
pc_ajax_actions = [:parameters] | |||
subnets_ajax_actions = [:freeip] | |||
tasks_ajax_actions = [:show] | |||
template_kinds = [:PXELinux, :PXEGrub, :iPXE, :provision, :finish, :script, :user_data, :ZTP] |
could you deduplicate this list? https://github.com/theforeman/foreman/blob/develop/db/seeds.d/07-config_templates.rb#L9
just put it into a constant somewhere in TemplateKind and use it in both places?
Other than the duplication issue, it all seems all right; I'll continue with testing when it's resolved.
@lzap bump?
Branch force-pushed from ef1bdb1 to a344b46.
Done!
diff --git a/app/models/template_kind.rb b/app/models/template_kind.rb
index 7c1e5a9..d647c1c 100644
--- a/app/models/template_kind.rb
+++ b/app/models/template_kind.rb
@@ -6,4 +6,8 @@ class TemplateKind < ActiveRecord::Base
has_many :os_default_templates
validates :name, :presence => true, :uniqueness => true
scoped_search :on => :name
+
+ def self.predefined
+ [:PXELinux, :PXEGrub, :iPXE, :provision, :finish, :script, :user_data, :ZTP]
+ end
end
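Review bot: `self.predefined` returns a fresh array literal on every call, so a plugin that introduces its own template kind has no way to add it to this list short of redefining the method; a constant (for example `PREDEFINED = [:PXELinux, ...]`) that a plugin can push to would be easier to extend. The same eight names are seeded in db/seeds.d/07-config_templates.rb, so that file should reference this one definition rather than repeat the list.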
diff --git a/app/services/foreman/access_permissions.rb b/app/services/foreman/access_permissions.rb
index a732de6..9b4488a 100644
--- a/app/services/foreman/access_permissions.rb
+++ b/app/services/foreman/access_permissions.rb
@@ -318,13 +318,12 @@ Foreman::AccessControl.map do |permission_set|
pc_ajax_actions = [:parameters]
subnets_ajax_actions = [:freeip]
tasks_ajax_actions = [:show]
- template_kinds = [:PXELinux, :PXEGrub, :iPXE, :provision, :finish, :script, :user_data, :ZTP]
map.permission :view_hosts, {:hosts => [:index, :show, :errors, :active, :out_of_sync, :disabled, :pending, :vm,
:externalNodes, :pxe_config, :storeconfig_klasses, :auto_complete_search, :bmc,
:runtime, :resources, :templates, :overview, :nics],
:dashboard => [:OutOfSync, :errors, :active],
- :unattended => [:template, :provision] + template_kinds,
+ :unattended => [:template, :provision] + TemplateKind.predefined,
:"api/v1/hosts" => [:index, :show, :status],
:"api/v2/hosts" => [:index, :show, :status, :vm_compute_attributes],
:"api/v2/interfaces" => [:index, :show], |
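Review bot: adding `TemplateKind.predefined` to the `:unattended` actions under `:view_hosts` only decides which users may reach those actions; it does not constrain which host a request may name, so a user whose `view_hosts` permission carries a host filter can still preview any host's template by putting its hostname in the URL. The host lookup in the unattended controller needs to go through the caller's authorized scope, and a host outside that scope should be reported as not found, the same as a host that does not exist.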
Could you please also use
Why did you choose to use class method instead of constant? This will be harder to extend if we need it (only with alias_method_chain), if it was an array in constant, one could push to that array. |
Right, added and rebased on top of develop. |
On re-reviewing this, it seems the issue has already been fixed in b1997f5 when I refactored the controller in the same way that was suggested in the #10689 comments. Previewing templates as a non-admin user works fine. It does though mean we're vulnerable in develop to the security issue I mentioned at #2428 (comment), so this needs addressing. I've filed this as http://projects.theforeman.org/issues/15490, and updated foreman-security + requested a CVE. What I'd like to do is:
Sorry for the ticket change, but I'd like to be absolutely clear about what this is fixing. |
@@ -351,7 +351,7 @@ | |||
:externalNodes, :pxe_config, :storeconfig_klasses, :auto_complete_search, :bmc, | |||
:runtime, :resources, :templates, :overview, :nics], | |||
:dashboard => [:OutOfSync, :errors, :active], | |||
:unattended => [:host_template, :hostgroup_template], | |||
:unattended => [:host_template, :hostgroup_template] + TemplateKind.default_template_labels.keys.collect(&:to_sym), |
This shouldn't be necessary now, since the action is always going to be either :host_template or :hostgroup_template - the routing changed in b1997f5 to route the template kinds to a single action.
I'd like to add that, given the security issue, please let me know if you don't plan to update this PR to fix it; instead, I'll patch it myself rather than leave it for months again.
@lzap if you could please update this soon to fix the security issue, or let me know if you don't plan to. |
@domcleal I had a huge GitHub backlog and noticed this just now. I can start tomorrow with this.
Branch force-pushed from 8811e1d to 991c3e9.
Branch force-pushed from 991c3e9 to cd5ab4d.
There were the following issues with the commit message:
If you don't have a ticket number, please create an issue in Redmine, selecting the appropriate project. More guidelines are available in Coding Standards or on the Foreman wiki. This message was auto-generated by Foreman's prprocessor |
Amended all your last comments, rebased and pushed. |
Users who are logged in with permissions to view some hosts are able to preview provisioning templates for any host by specifying its hostname in the URL, as the specific view_hosts permissions and filters aren't checked. If the organization or location features are enabled, the user will still be restricted to their associated orgs/locs. This can disclose configuration information about the host, including root password hashes if used in preseed/kickstart templates.
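The flaw described in that message is a lookup-scoping bug: the action is reachable, but the host named in the URL is resolved against every host instead of the hosts the caller's `view_hosts` filters allow. The following is an added, self-contained Ruby illustration of the vulnerable lookup beside the scoped one; it is not Foreman's code, and `Host`, `User`, `HostFilter`, the single-clause `field = value` filter syntax, the inventory and the preseed line are all constructed for the example.

```ruby
# Added illustration, not Foreman's code: a template-preview lookup must go
# through the caller's view_hosts filters, otherwise any host can be named in
# the URL and its rendered template (root password hash included) comes back.
# Host, User, HostFilter, the filter syntax and the preseed line are constructed.

Host = Struct.new(:name, :hostgroup, :root_pass_hash)

class HostNotFound < StandardError; end

# Constructed stand-in for a role filter: a single "field = value" clause.
class HostFilter
  def initialize(search)
    field, value = search.split('=', 2).map(&:strip)
    if field.nil? || field.empty? || value.nil? || value.empty?
      raise ArgumentError, "bad filter: #{search.inspect}"
    end
    @field = field.to_sym
    @value = value
  end

  def match?(host)
    host.respond_to?(@field) && host.public_send(@field).to_s == @value
  end
end

class User
  attr_reader :login

  # filters: search strings attached to the user's view_hosts permission.
  # An empty list means the permission is unfiltered (every host visible).
  def initialize(login, filters)
    @login = login
    @filters = filters.map { |s| HostFilter.new(s) }
  end

  # The authorized scope: hosts matching any of the user's filters.
  def authorized_hosts(hosts)
    return hosts if @filters.empty?
    hosts.select { |h| @filters.any? { |f| f.match?(h) } }
  end
end

# Constructed inventory; the hashes are placeholders, not real credentials.
HOSTS = [
  Host.new('web01.example.com', 'web', '$6$salt$hashA'),
  Host.new('db01.example.com',  'db',  '$6$salt$hashB'),
].freeze

# What a rendered preseed template line might contain.
def render_template(host)
  "d-i passwd/root-password-crypted password #{host.root_pass_hash}"
end

# Vulnerable: resolves the hostname against all hosts, so a user whose
# view_hosts permission is filtered can still preview any host's template.
def preview_unscoped(_user, hostname)
  host = HOSTS.find { |h| h.name == hostname }
  raise HostNotFound, "Host #{hostname} not found" unless host
  render_template(host)
end

# Fixed: resolve the hostname only inside the caller's authorized scope.
# A host outside the scope gets the same not-found error as a host that
# does not exist, so the response does not confirm that it exists.
def preview_scoped(user, hostname)
  host = user.authorized_hosts(HOSTS).find { |h| h.name == hostname }
  unless host
    raise HostNotFound, "Host #{hostname} not found or not accessible to #{user.login}"
  end
  render_template(host)
end

if __FILE__ == $PROGRAM_NAME
  web_admin = User.new('web_admin', ['hostgroup = web'])
  puts preview_unscoped(web_admin, 'db01.example.com') # leaks the db01 hash
  begin
    preview_scoped(web_admin, 'db01.example.com')
  rescue HostNotFound => e
    puts "scoped lookup refused: #{e.message}"
  end
end
```

The scoped version also settles the error-message question raised in this PR: the preview fails with one not-found error whether the host is absent or merely outside the caller's filters, rather than a message that distinguishes the two.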
Branch force-pushed from cd5ab4d to 8fcf31a.
Fixing both missing permissions and incorrect error message.