Branch: refs/heads/2.2.0
Home:
https://github.com/Checkmk/checkmk
Commit: ab3af7d6333787a1c9b3f7db825b2a68a77563d3
https://github.com/Checkmk/checkmk/commit/ab3af7d6333787a1c9b3f7db825b2a68a…
Author: Gav <gavin.mcguigan(a)checkmk.com>
Date: 2023-06-26 (Mon, 26 Jun 2023)
Changed paths:
A .werks/15890
M cmk/gui/fields/__init__.py
M cmk/gui/fields/definitions.py
M cmk/gui/plugins/openapi/endpoints/site_management/__init__.py
M cmk/gui/plugins/openapi/endpoints/user_config/__init__.py
M cmk/gui/plugins/openapi/restful_objects/decorators.py
M cmk/gui/plugins/openapi/utils.py
M tests/testlib/rest_api_client.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_user.py
Log Message:
-----------
15890 FIX user: read permissions are now checked in the request schema before
delete/edit/create user
When calling either of the following endpoints, a 401 will be returned
if the user doesn't have read access for users.
POST /domain-types/user_config/collections/all
PUT /objects/user_config/{username}
DELETE /objects/user_config/{username}
The site management endpoint 'site_login' is also affected by this change,
since a valid existing user is required to login.
CMK-13156
Change-Id: Ic993305594d9e174c3d203fdb6970863508ba281