Revision 07d13039
Added by Dominic Cleal over 11 years ago
- ID 07d13039a7535ae96f4bc987aa3ebf3696c28791
lib/foreman/default_data/loader.rb | ||
---|---|---|
:view_statistics]
|
||
end
|
||
if reset or Role.anonymous.permissions.empty?
|
||
Role.anonymous.update_attribute :permissions, [:view_hosts, :view_bookmarks]
|
||
Role.anonymous.update_attribute :permissions, [:view_hosts, :view_bookmarks, :view_tasks]
|
||
end
|
||
end
|
||
true
|
Also available in: Unified diff
fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI
In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.
This adds a test that will fail by default if new routes are added with no
permission that grants access.