This is an automated email from the ASF dual-hosted git repository.

dgelinas pushed a commit to branch 3.1.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/3.1.x by this push:
     new 8c413b2  Fix DELETE deliveryservice_server permissions (#3773) (#3844)
8c413b2 is described below

commit 8c413b252ff73f133dbbe75e0e4d6069c9641ed7
Author: Rawlin Peters <[email protected]>
AuthorDate: Mon Aug 19 11:31:44 2019 -0600

    Fix DELETE deliveryservice_server permissions (#3773) (#3844)
    
    The permissions are supposed to be Operations and above (not read-only).
    
    (cherry picked from commit 206ccb6d125fcecfd546b69b08b91214ecf4601f)
---
 CHANGELOG.md                             | 1 +
 traffic_ops/traffic_ops_golang/routes.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ecb2ece..615feed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ The format is based on [Keep a 
Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fix port handling for traffic ops port checks on ports other than 80.
 - Return a json response with a 200 for a successful snapshot PUT.
 - Correct FQDN case mismatch when generating DNSSEC.
+- Fixed permissions on DELETE 
/api/$version/deliveryservice_server/{dsid}/{serverid} endpoint
 - Issue 3223 - cannot add steering targets to steering delivery service.
 - Issue 3466 - docs fail to build in python 3.6.
 - Issue #3605: Fixed Traffic Monitor custom ports in health polling URL.
diff --git a/traffic_ops/traffic_ops_golang/routes.go 
b/traffic_ops/traffic_ops_golang/routes.go
index 0063b0d..05d6e9f 100644
--- a/traffic_ops/traffic_ops_golang/routes.go
+++ b/traffic_ops/traffic_ops_golang/routes.go
@@ -193,7 +193,7 @@ func Routes(d ServerData) ([]Route, []RawRoute, 
http.Handler, error) {
                {1.1, http.MethodPost, `regions/?$`, 
api.CreateHandler(region.GetTypeSingleton()), auth.PrivLevelOperations, 
Authenticated, nil},
                {1.1, http.MethodDelete, `regions/{id}$`, 
api.DeleteHandler(region.GetTypeSingleton()), auth.PrivLevelOperations, 
Authenticated, nil},
 
-               {1.1, http.MethodDelete, 
`deliveryservice_server/{dsid}/{serverid}`, dsserver.Delete, 
auth.PrivLevelReadOnly, Authenticated, nil},
+               {1.1, http.MethodDelete, 
`deliveryservice_server/{dsid}/{serverid}`, dsserver.Delete, 
auth.PrivLevelOperations, Authenticated, nil},
 
                // get all edge servers associated with a delivery service 
(from deliveryservice_server table)
 
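Review bot: The route pattern on the new DELETE line, `deliveryservice_server/{dsid}/{serverid}`, has no trailing `$`, unlike the neighbouring `regions/?$` and `regions/{id}$` entries. If these patterns are compiled as regexes that are not anchored at the end (the compilation is not visible in this hunk), longer paths would also be dispatched to `dsserver.Delete`; consider `deliveryservice_server/{dsid}/{serverid}$`. Because this commit corrects an authorization level, an API test asserting that a read-only user is rejected on this endpoint would guard against the privilege level regressing again. The body of `Routes` starts and ends outside the hunk, so whether other mutating routes still carry `auth.PrivLevelReadOnly` cannot be checked from here.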
