Prevent Requests to resultant-acl Endpoint When Unauthenticated (#17139)
* prevents requests to resultant-acl endpoint when not logged in * removes unauthenticated mentions from resultant-acl api doc * adds changelog entry
This commit is contained in:
parent
87350f927f
commit
d258740f24
|
@ -0,0 +1,6 @@
|
|||
```release-note:improvement
|
||||
ui: Prevents requests to /sys/internal/ui/resultant-acl endpoint when unauthenticated
|
||||
```
|
||||
```release-note:improvement
|
||||
website/docs: Removes mentions of unauthenticated from internal ui resultant-acl doc
|
||||
```
|
|
@ -72,7 +72,9 @@ export default Route.extend(ModelBoundaryRoute, ClusterRoute, {
|
|||
const id = this.getClusterId(params);
|
||||
if (id) {
|
||||
this.auth.setCluster(id);
|
||||
if (this.auth.currentToken) {
|
||||
await this.permissions.getPaths.perform();
|
||||
}
|
||||
return this.version.fetchFeatures();
|
||||
} else {
|
||||
return reject({ httpStatus: 404, message: 'not found', path: params.cluster_name });
|
||||
|
|
|
@ -8,11 +8,10 @@ description: >-
|
|||
# `/sys/internal/ui/resultant-acl`
|
||||
|
||||
The `/sys/internal/ui/resultant-acl` endpoint is used to expose resultant-acl
|
||||
to the UI so that it can change its behavior in response, even before a user logs in.
|
||||
to the UI so that it can change its behavior in response.
|
||||
|
||||
This is currently only being used internally for the UI and is
|
||||
an unauthenticated endpoint. Due to the nature of its intended usage, there is no
|
||||
guarantee on backwards compatibility for this endpoint.
|
||||
This is currently only being used internally for the UI. Due to the nature of its
|
||||
intended usage, there is no guarantee on backwards compatibility for this endpoint.
|
||||
|
||||
## Get Resultant-acl
|
||||
|
||||
|
|
Loading…
Reference in New Issue