archive/pillar
0
0
Fork 0
Code Issues 42 Pull Requests Projects Releases Wiki Activity
1,160 Commits 12 Branches 2 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
Sybren A. Stüvel
d0557445cd Fix privilege escalation leak 
A PUT request on /api/user/{user-id} by the user themselves would allow
too much, and would allow self-granting of roles (including admin),
group membership (so join any arbitrary project) and pretend to be
service accounts.
 2017-05-04 12:48:30 +02:00
Sybren A. Stüvel
bced6cae68 Ran 2to3 on unittests, same sort of manual fixups as before 2017-03-22 15:49:51 +01:00
Sybren A. Stüvel
3afeeaccd0 Removed permission keys from node type definitions. 
This prevents replace_pillar_node_type_schemas() from overwriting existing
permissions.
 2016-10-20 13:05:43 +02:00
Sybren A. Stüvel
eea934a86a Added username to public user fields 2016-10-19 16:57:17 +02:00
Francesco Siddi
2c5dc34ea2 Introducing Pillar Framework 
Refactor of pillar-server and pillar-web into a single python package. This
simplifies the overall architecture of pillar applications.

Special thanks @sybren and @venomgfx
 2016-08-19 09:19:06 +02:00