#467 user not in aclpolicy can perform unauthorized actions - Rundeck Development

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#467 ✓resolved

user not in aclpolicy can perform unauthorized actions

Reported by Greg Schueler | November 4th, 2011 @ 04:56 PM | in 1.4.0.2 (closed)

a user not authorized via aclpolicy can still perform unauthorized actions:

user can log in and create projects, jobs, run jobs etc.

Comments and changes to this ticket

Greg Schueler November 7th, 2011 @ 10:14 AM
(from [dccac21fd5f1c5250bc12b5fd0e43df85f85b1c4]) Add DenyAuthorization impl, refactor to BaseAuthorization [#467] https://github.com/dtolabs/rundeck/commit/dccac21fd5f1c5250bc12b5fd...
Greg Schueler November 7th, 2011 @ 10:14 AM
(from [43f6a9fb898b1bf4c80fe6ac85a02dbb46150a7d]) Remove getFramework(), use getFrameworkNodeName [#467] https://github.com/dtolabs/rundeck/commit/43f6a9fb898b1bf4c80fe6ac8...
Greg Schueler November 7th, 2011 @ 10:14 AM
(from [1a2365dda95dc176c37a5e7f30cd990e661e6363]) Fix ordering of filter checks [#467] https://github.com/dtolabs/rundeck/commit/1a2365dda95dc176c37a5e7f3...
Greg Schueler November 7th, 2011 @ 10:14 AM
(from [f0c91fae384346f1c33c8e002c6c753c88858ab3]) Use title from controller model [#467] https://github.com/dtolabs/rundeck/commit/f0c91fae384346f1c33c8e002...
Greg Schueler November 7th, 2011 @ 10:14 AM
(from [251f65badb2cba4c06da7a0c23a6fcc262f0d51a]) Show clearer message when no project access [#467] https://github.com/dtolabs/rundeck/commit/251f65badb2cba4c06da7a0c2...
Greg Schueler November 9th, 2011 @ 12:47 PM
- State changed from “new” to “needs_verification”
Greg Schueler November 9th, 2011 @ 12:58 PM
FYI: user could create/modify jobs but cannot run anything on Nodes, this will fail with "No Matched Nodes"
Greg Schueler November 9th, 2011 @ 12:58 PM
- State changed from “needs_verification” to “resolved”
verified that "user" default user cannot perform any actions on a fresh install

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins (Sort)

↓↑ drag 207 Open tickets
↓↑ drag 390 Resolved tickets
↓↑ drag 2 This week's tickets

People watching this ticket

Greg Schueler

Rundeck Rundeck Development → 1.4.0.2

user not in aclpolicy can perform unauthorized actions

Comments and changes to this ticket

Greg Schueler November 7th, 2011 @ 10:14 AM

Greg Schueler November 7th, 2011 @ 10:14 AM

Greg Schueler November 7th, 2011 @ 10:14 AM

Greg Schueler November 7th, 2011 @ 10:14 AM

Greg Schueler November 7th, 2011 @ 10:14 AM

Greg Schueler November 9th, 2011 @ 12:47 PM

Greg Schueler November 9th, 2011 @ 12:58 PM

Greg Schueler November 9th, 2011 @ 12:58 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages

Rundeck Rundeck Development → 1.4.0.2

Keyword searching

user not in aclpolicy can perform unauthorized actions

Comments and changes to this ticket

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages