From b49f704b0851018935a8d6c67724e4f6a687a54e Mon Sep 17 00:00:00 2001 From: Andrew Walker Date: Sun, 5 Nov 2023 20:17:25 -0500 Subject: [PATCH] NAS-125067 / 24.04 / Always allow authenticated users to set webui prefs (#12453) The attributes dictionary contains webui preferences as determined by the UI team. Users should be able to write to their own settings regardless of privileges granted to them. --- src/middlewared/middlewared/plugins/auth.py | 1 + tests/api2/test_account_privilege_role.py | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/src/middlewared/middlewared/plugins/auth.py b/src/middlewared/middlewared/plugins/auth.py index 411f5e05ce4ba..c4514c599cf92 100644 --- a/src/middlewared/middlewared/plugins/auth.py +++ b/src/middlewared/middlewared/plugins/auth.py @@ -539,6 +539,7 @@ async def me(self, app): return {**user, 'attributes': attributes} + @no_authz_required @accepts( Str('key'), Any('value'), diff --git a/tests/api2/test_account_privilege_role.py b/tests/api2/test_account_privilege_role.py index e8801ced20df4..3e9d02178d5d5 100644 --- a/tests/api2/test_account_privilege_role.py +++ b/tests/api2/test_account_privilege_role.py @@ -98,3 +98,11 @@ def test_readonly_can_not_call_method(): c.call("filesystem.mkdir", "/foo") assert ve.value.errno == errno.EACCES + + +def test_limited_user_can_set_own_attributes(): + with unprivileged_user_client(["READONLY"]) as c: + c.call("auth.set_attribute", "foo", "bar") + attrs = c.call("auth.me")["attributes"] + assert "foo" in attrs + assert attrs["foo"] == "bar"