Back to bug 1384035
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jitendra Yejare | 2016-10-12 12:08:50 UTC | Blocks | 1373844 | |
| Marek Hulan | 2016-10-12 12:28:39 UTC | Link ID | Foreman Issue Tracker 16884 | |
| Bryan Kearney | 2016-11-03 08:20:39 UTC | Assignee | satellite6-bugs | mhulan |
| Bryan Kearney | 2016-11-03 08:20:41 UTC | Status | NEW | ASSIGNED |
| Marek Hulan | 2017-01-09 09:48:43 UTC | Blocks | 1316897 | |
| CC | sauchter | |||
| Satellite Program | 2017-07-20 16:02:35 UTC | Status | ASSIGNED | POST |
| Brad Buckingham | 2017-08-22 17:06:02 UTC | Keywords | Triaged | |
| CC | bbuckingham | |||
| Marek Hulan | 2017-10-12 07:26:15 UTC | CC | dzhukous | |
| Bryan Kearney | 2017-10-13 12:52:26 UTC | CC | bkearney | |
| Brad Buckingham | 2018-01-30 14:03:53 UTC | CC | bbuckingham | |
| Eric Helms | 2018-04-23 17:21:30 UTC | Status | POST | MODIFIED |
| Evgeni Golov | 2018-04-27 13:39:54 UTC | Status | MODIFIED | ON_DEV |
| Evgeni Golov | 2018-04-27 13:59:07 UTC | Status | ON_DEV | ON_QA |
| Brad Buckingham | 2018-07-30 16:21:00 UTC | Target Milestone | Unspecified | GA |
| Jitendra Yejare | 2018-08-01 12:52:44 UTC | QA Contact | katello-qa-list | jyejare |
| Jitendra Yejare | 2018-08-01 15:12:42 UTC | Status | ON_QA | VERIFIED |
| Marek Hulan | 2018-08-31 06:42:29 UTC | Doc Text | In previous version of Satellite, when a filter granting permissions for a resource was limited by a search query, the search query was only applied to view/destroy permission and was not enforce on creation and update. Think of filter granting all permissions on domain with a condition "name ~ a*", meaning user can only view, create, edit, delete domains which name starts with letter a. When user tried to create domain with name 'b.example.com', it was allowed but later the same user couldn't see it in the list. Also user could modify existing domain, so that the name wouldn't start with letter a anymore. With Satellite 6.4 and higher, we enforce the permission on object which is not yet saved, therefore the search query limit applies also to creation and update of the resource. Given the example above, user can no longer create a domain with name 'b.example.com', since he/she can only work with domains starting with letter a. | |
| Doc Type | If docs needed, set a value | Release Note | ||
| Sergei Petrosian | 2018-09-19 12:21:16 UTC | CC | spetrosi | |
| Doc Text | In previous version of Satellite, when a filter granting permissions for a resource was limited by a search query, the search query was only applied to view/destroy permission and was not enforce on creation and update. Think of filter granting all permissions on domain with a condition "name ~ a*", meaning user can only view, create, edit, delete domains which name starts with letter a. When user tried to create domain with name 'b.example.com', it was allowed but later the same user couldn't see it in the list. Also user could modify existing domain, so that the name wouldn't start with letter a anymore. With Satellite 6.4 and higher, we enforce the permission on object which is not yet saved, therefore the search query limit applies also to creation and update of the resource. Given the example above, user can no longer create a domain with name 'b.example.com', since he/she can only work with domains starting with letter a. | Satellite 6.4 introduces tighter restrictions around resource filter limitations. In previous versions of Satellite, the search query applied incorrect permissions to resources, which allowed users to perform tasks that were not permitted. This is now fixed. |
||
| Bryan Kearney | 2018-10-16 19:28:34 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2018-10-16 15:28:34 UTC | |||
| Mike McCune | 2019-04-01 20:27:47 UTC | Target Milestone | GA | Unspecified |
| Mike McCune | 2019-11-05 23:01:38 UTC | Target Milestone | Unspecified | 6.4.0 |
Back to bug 1384035