Closed jeremyjaouen closed 1 year ago
SonarQube Quality Gate
11 Bugs 0 Vulnerabilities 0 Security Hotspots ( 100.0% reviewed) 3349 Code Smells
0.0% Coverage 4.3% Duplication
Description
This PR intends to restrict access to the provider configuration endpoints, taking menu access into account
Fixes # MON-15253
Type of change
Target serie
How this pull request can be tested?
Create a user
Give him the Reach API Configuration right
Give him no ACL
Connect to API v2 with this user
Call GET / PUT /administration/authentication/providers/local
Call GET / PUT /administration/authentication/providers/openid
Call GET / PUT /administration/authentication/providers/web-sso
The request should return a 403 and the listing or update should not occur.
Give the user ACL Menu Access to Authentication
Call GET / PUT /administration/authentication/providers/local
Call GET / PUT /administration/authentication/providers/openid
Call GET / PUT /administration/authentication/providers/web-sso
The user is able to list or modify the provider configurations
Checklist
Community contributors & Centreon team
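
The test steps in the description, written as a repeatable authorization check. This is an added example, not code from the pull request or from Centreon. The `X-AUTH-TOKEN` header name, the helper names and the stub responses are assumptions; only the endpoint paths, the methods and the expected 403 come from the description.

```python
import json
import urllib.error
import urllib.request

# Paths and methods are taken from the PR's test steps.
PROVIDERS = ("local", "openid", "web-sso")
PATH = "/administration/authentication/providers/{}"
METHODS = ("GET", "PUT")


def http_send(base_url, token, method, path, body=None):
    """Live transport returning the HTTP status. The X-AUTH-TOKEN header
    name is an assumption; the page does not show the auth mechanism."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(
        base_url + path, data=data, method=method,
        headers={"X-AUTH-TOKEN": token, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code  # 4xx/5xx arrive as exceptions; only the code matters


def check_access(send, expect_allowed, put_body=None):
    """Call GET and PUT on every provider endpoint and return the
    (method, path, status) tuples that contradict the expectation:
    2xx when access is expected, exactly 403 when it is not."""
    failures = []
    for provider in PROVIDERS:
        path = PATH.format(provider)
        for method in METHODS:
            status = send(method, path, put_body if method == "PUT" else None)
            ok = (200 <= status < 300) if expect_allowed else (status == 403)
            if not ok:
                failures.append((method, path, status))
    return failures


def make_stub(menu_access, enforce=True):
    """Constructed stand-in for the API. enforce=False models an endpoint
    that ignores menu access, which the denied-phase check must flag."""
    def send(method, path, body=None):
        if enforce and not menu_access:
            return 403
        return 200 if method == "GET" else 204
    return send


if __name__ == "__main__":
    print(check_access(make_stub(menu_access=False), expect_allowed=False))
    print(check_access(make_stub(menu_access=True), expect_allowed=True))
    print(check_access(make_stub(False, enforce=False), expect_allowed=False))
```

Against a real instance, pass `functools.partial(http_send, base_url, token)` as `send`, once with the user's token before the ACL is granted and once after. In the allowed phase, supply a `put_body` the endpoint accepts, for example the configuration the matching GET returned.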