-
Notifications
You must be signed in to change notification settings - Fork 357
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added RBAC check in catalog controller #887
Conversation
@@ -707,7 +707,7 @@ def ot_copy_submit | |||
|
|||
def ot_remove_submit | |||
assert_privileges("orchestration_template_remove") | |||
checked = find_checked_items | |||
checked = find_checked_ids_with_rbac(OrchestrationTemplate) | |||
checked[0] = params[:id] if checked.blank? && params[:id] | |||
elements = OrchestrationTemplate.where(:id => checked) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, looking at this, I'm thinking using find_checked_records_with_rbac
may be better here. ☝️
That way I don't need to check params[:id]
for RBAC too.
28fa564
to
bc791fa
Compare
bc791fa
to
7282a0c
Compare
Checked commits romanblanco/manageiq-ui-classic@167e9b4~...7282a0c with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 app/controllers/application_controller.rb
|
Added RBAC check in catalog controller (cherry picked from commit 4425e78)
Fine backport details:
|
@martinpovolny @PanSpagetka ping