Foreman REST API and user permissions

Hi,

I noticed that a user, if he is not 'administrator', has no access to the
resource /api/status (even with all permissions). Is this normal?

My install of Foreman is in version 1.7.1.

Examples:

http://127.0.0.1:8080/api/v1/status

{"message":"Access denied","details":null}

http://127.0.0.1:8080/api/v2/status

{
"error": {"message":"Accès refusé","details":null}
}

Thank you in advance.

It happens to me as well with Foreman 1.7.2.
Isn't it possible to log in to the REST API with a non-administrator user?

On Sunday, February 1, 2015 at 2:33:00 AM UTC+2, Yoann Le Garff wrote:
> Hi,
>
> I noticed that a user, if he is not 'administrator', has no access to the
> resource /api/status (even with all permissions). Is this normal?
>
> My install of Foreman is in version 1.7.1.
>
> Examples:
>
> http://127.0.0.1:8080/api/v1/status
>
> {"message":"Access denied","details":null}
>
> http://127.0.0.1:8080/api/v2/status
>
> {
> "error": {"message":"Accès refusé","details":null}
> }
>
> Thank you in advance.

Any chance someone has any idea?

On Wednesday, March 25, 2015 at 12:02:55 PM UTC+2, Avi Tal wrote:
> It happens to me as well with Foreman 1.7.2.
> Isn't it possible to log in to the REST API with a non-administrator user?
>
> On Sunday, February 1, 2015 at 2:33:00 AM UTC+2, Yoann Le Garff wrote:
>> Hi,
>>
>> I noticed that a user, if he is not 'administrator', has no access to the
>> resource /api/status (even with all permissions). Is this normal?
>>
>> My install of Foreman is in version 1.7.1.
>>
>> Examples:
>>
>> http://127.0.0.1:8080/api/v1/status
>>
>> {"message":"Access denied","details":null}
>>
>> http://127.0.0.1:8080/api/v2/status
>>
>> {
>> "error": {"message":"Accès refusé","details":null}
>> }
>>
>> Thank you in advance.

Hi,

looking at the code, only the administrators can view the status atm [1], so yes,
this is expected behavior. A new permission to display status could be added
quite easily; if you're interested I can try to help you create a PR. A
good start is to create an RFE issue in our Redmine [2].

[1] foreman/app/controllers/api/v2/home_controller.rb at 1.7.2 · theforeman/foreman · GitHub
[2] http://projects.theforeman.org/

Hope this helps

-- Marek

On Thursday 26 of March 2015 06:40:46 Avi Tal wrote:

> Any chance someone has any idea?
