Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI #410

Closed
wants to merge 1 commit into from
Closed

fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI #410

wants to merge 1 commit into from

Conversation

domcleal
Copy link
Contributor

In 2ac3af6, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.

This adds a test that will fail by default if new routes are added with no
permission that grants access.

This also obsoletes GH-401, I've added the auto_search_complete permission in at the same time to resolve the tests.

fixes theforeman#2198 - add AJAX routes to existing permissions to fi…
036ba8c 
…x non-admin UI

In 2ac3af6, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.

This adds a test that will fail by default if new routes are added with no
permission that grants access.
@ohadlevy
Copy link
Member

merged - thanks!

@ohadlevy ohadlevy closed this Feb 13, 2013
@ohadlevy ohadlevy mentioned this pull request Feb 13, 2013
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@domcleal @ohadlevy