Page MenuHomePhabricator
Create Task
Maniphest T28576

OpenStackManager extension needs proper security checks
Closed, ResolvedPublic
Actions

Description

There's a few rudimentary security checks in place now, but the extension needs to ensure users have proper rights to access certain special pages.

Specifically, Special:NovaProject, and Special:NovaDomain should ensure a user is an admin, or have some special right.

Additionally, the current security checks aren't likely done in the normal MediaWiki style. This should be corrected.

Version: unspecified
Severity: major

Details

Reference
bz26576

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:12 PM
bzimport added a project: MediaWiki-extensions-OpenStackManager.
bzimport set Reference to bz26576.
RyanLane created this task.Jan 5 2011, 4:45 PM
RyanLane added a comment.Jan 7 2011, 6:17 AM

Accidentally marked this as resolved.

RyanLane added a comment.Jan 11 2011, 8:40 PM

More specific implementation:

Special:NovaProject should be limited to wiki admins

Special:NovaDomain, Special:NovaHost, and Special:NovaAddress should be limited to users with the 'netadmins' role.

Special:NovaInstance should be limited to users with the 'sysadmin' role.

Roles are pulled from LDAP, and are accessible via OpenStackNovaUser->inRole(), or OpenStackNovaUser->getRoles()

RyanLane added a comment.Jan 11 2011, 10:40 PM

Resolved in r80047.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL