Normal users can read machine details of owned machines
Bug #1811799 reported by Björn Tillenius
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
MAAS | Fix Released | High | Unassigned | |
Bug Description
This is with MAAS 2.5.1-7489-
Normal users can't see machines if they have a different
owner than themselves.
But if they know the system id, they can get the machine details:
maas <login> machine details <system_id>
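The access-control gap described in this report, modelled as an added example (not part of the report and not MAAS code): the listing filters by owner, while a lookup by system id skips the per-object check. All names, the inventory and the owner-based visibility rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class Forbidden(Exception):
    """Caller is authenticated but may not read this object."""


@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool = False


@dataclass(frozen=True)
class Machine:
    system_id: str
    owner: Optional[str]  # None means nobody owns the machine
    details: str


# Constructed inventory; system ids, owners and details are made up.
ROWS = [("aaa111", "alice"), ("bbb222", "bob"), ("ccc333", None)]
MACHINES = {sid: Machine(sid, owner, f"details of {sid}") for sid, owner in ROWS}


def can_view(user: User, machine: Machine) -> bool:
    """Single visibility rule (assumed), shared by every read path."""
    return user.is_admin or machine.owner in (None, user.name)


def list_machines(user: User) -> list[str]:
    """Listing filters by visibility, so other owners' machines are hidden."""
    return sorted(m.system_id for m in MACHINES.values() if can_view(user, m))


def details_unchecked(user: User, system_id: str) -> str:
    """Flawed pattern: fetch by id alone, with no per-object check."""
    return MACHINES[system_id].details


def details_checked(user: User, system_id: str) -> str:
    """Hardened pattern: apply the listing's rule before returning data."""
    machine = MACHINES[system_id]
    if not can_view(user, machine):
        raise Forbidden(system_id)
    return machine.details
```

A regression test for this class of bug should request an object the caller cannot list and assert that the detail path refuses it.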
Related branches
~igor-brovtsin/maas:lp-1811799 Merged into maas:master
- Björn Tillenius: Approve
- MAAS Lander: Approve
Diff: 59 lines (+23/-2), 2 files modified
src/maasserver/api/nodes.py (+7/-2)
src/maasserver/api/tests/test_node.py (+16/-0)
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → 2.5.1 |
summary: |
- [2.5] Normal users can read machine details of owned machines
+ [2.5, API] Normal users can read machine details of owned machines
tags: | added: api |
tags: | added: rbac |
Changed in maas: | |
milestone: | 2.5.1 → 2.5.2 |
Changed in maas: | |
milestone: | 2.5.2 → 2.5.3 |
Changed in maas: | |
milestone: | 2.5.3 → 2.6.0beta2 |
Changed in maas: | |
milestone: | 2.6.0beta2 → 2.6.0rc1 |
Changed in maas: | |
milestone: | 2.6.0rc1 → 2.6.0rc2 |
Changed in maas: | |
milestone: | 2.6.0rc2 → 2.7.0alpha1 |
Changed in maas: | |
milestone: | 2.7.0b1 → 2.7.0b2 |
Changed in maas: | |
milestone: | 2.7.0b2 → none |
summary: |
- [2.5, API] Normal users can read machine details of owned machines
+ Normal users can read machine details of owned machines
Changed in maas: | |
milestone: | none → 3.4.0 |
status: | Triaged → Fix Committed |
Changed in maas: | |
milestone: | 3.4.0 → 3.4.0-beta1 |
Changed in maas: | |
status: | Fix Committed → Fix Released |
I think this is an actual issue with non-RBAC MAAS too.