Bug 1008451

Summary: it is allowed to delete hidden user with ID=2
Product: Red Hat Satellite
Reporter: Ales Dujicek <adujicek>
Component: API
Assignee: Adam Price <adprice>
Status: CLOSED WONTFIX
QA Contact: Katello QA List <katello-qa-list>
Severity: medium
Priority: unspecified
Version: Nightly
CC: cwelton, mmccune
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-03-18 17:38:31 UTC
Type: Bug

Description Ales Dujicek 2013-09-16 11:42:03 UTC
Description of problem:

There is a mysterious user with ID=2 and I am not allowed to get info about him:

curl -u admin:admin -k https://fqdn/katello/api/users/2
{
    "displayMessage": "User admin is not allowed to access api/v1/users/show", 
    "errors": [
        "User admin is not allowed to access api/v1/users/show"
    ]
}

But I can delete him:

curl -u admin:admin -k https://dell-pe1950-01.lab.eng.rdu.redhat.com/katello/api/users/2 -X DELETE
Deleted user '2'

If I am not allowed to read data, I should not be allowed to destroy it.

Version-Release number of selected component (if applicable):
katello-configure-1.4.5-1.git.3.a9848fc.el6.noarch
katello-common-1.4.6-1.git.143.5712bb8.el6.noarch
katello-cli-1.4.3-1.git.46.a2fefb7.el6.noarch
katello-1.4.6-1.git.143.5712bb8.el6.noarch
katello-repos-1.4.2-1.el6.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
pulp-katello-plugins-0.2-1.el6.noarch
katello-glue-candlepin-1.4.6-1.git.143.5712bb8.el6.noarch
katello-all-1.4.6-1.git.143.5712bb8.el6.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
signo-katello-0.0.21-1.el6.noarch
katello-glue-pulp-1.4.6-1.git.143.5712bb8.el6.noarch
katello-selinux-1.4.4-1.git.1.7abb02b.el6.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-glue-elasticsearch-1.4.6-1.git.143.5712bb8.el6.noarch
katello-certs-tools-1.4.4-1.el6.noarch
katello-cli-common-1.4.3-1.git.46.a2fefb7.el6.noarch

Comment 3 Mike McCune 2014-03-18 17:38:31 UTC
This bug was closed because of a lack of activity. If you feel this bug should be reconsidered for attention, please feel free to re-open the bug with a comment stating why it should be reconsidered.
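
The invariant stated in the description (no delete on a record the caller cannot read) can be checked mechanically over an authorization rule table. The following is an added example, not Katello's code: the rule tables, the `User` struct and the `read_write_gaps` helper are hypothetical, and the users are constructed sample data.

```ruby
# Added example with hypothetical rule tables; not taken from Katello.
# Each action maps to a lambda deciding whether `actor` may act on `target`.
User = Struct.new(:id, :name, :hidden, :admin)

# Rules reproducing the reported behaviour: `show` refuses hidden users,
# while `destroy` only checks that the caller is an admin.
REPORTED_RULES = {
  show:    ->(actor, target) { actor.admin && !target.hidden },
  update:  ->(actor, target) { actor.admin && !target.hidden },
  destroy: ->(actor, _target) { actor.admin }
}.freeze

# Corrected rules: every action on a user shares one visibility predicate,
# so read and delete decisions cannot drift apart.
VISIBLE = ->(actor, target) { actor.admin && !target.hidden }
HARDENED_RULES = { show: VISIBLE, update: VISIBLE, destroy: VISIBLE }.freeze

MUTATING = %i[update destroy].freeze

# Returns [actor_name, action, target_id] for every case where a mutating
# action is allowed on a record the same actor is not allowed to read.
def read_write_gaps(rules, actors, targets)
  actors.product(targets).flat_map do |actor, target|
    next [] if rules.fetch(:show).call(actor, target)
    MUTATING.select { |action| rules.fetch(action).call(actor, target) }
            .map { |action| [actor.name, action, target.id] }
  end
end

# Constructed sample data: ID 2 stands in for the hidden user in the report.
USERS = [
  User.new(1, "admin", false, true),
  User.new(2, "hidden", true, false),
  User.new(3, "viewer", false, false)
].freeze

if __FILE__ == $PROGRAM_NAME
  p read_write_gaps(REPORTED_RULES, USERS, USERS)
  p read_write_gaps(HARDENED_RULES, USERS, USERS)
end
```

Run as a regression test, a non-empty result from `read_write_gaps` flags exactly the read/delete mismatch described in this bug.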