Revision e0d9186e
Added by Dominic Cleal over 11 years ago
- ID e0d9186edc6397a15ebe81a78b00eee363cb44d0
| lib/foreman/default_data/loader.rb | ||
|---|---|---|
|
:view_statistics]
|
||
|
end
|
||
|
if reset or Role.anonymous.permissions.empty?
|
||
|
Role.anonymous.update_attribute :permissions, [:view_hosts, :view_bookmarks]
|
||
|
Role.anonymous.update_attribute :permissions, [:view_hosts, :view_bookmarks, :view_tasks]
|
||
|
end
|
||
|
end
|
||
|
true
|
||
Also available in: Unified diff
fixes #2198 - add AJAX routes to existing permissions to fix non-admin UI
In 2ac3af69, the automatic authorization of XMLHttpRequests was removed for
security reasons, however the controller actions need associating with
specific permissions for non-admin users to use the UI.
This adds a test that will fail by default if new routes are added with no
permission that grants access.