Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 111030

Summary: missing CMS folder/item permission checks
Product: [Retired] Red Hat Enterprise CMS Reporter: Scott Seago <sseago>
Component: uiAssignee: ccm-bugs-list
Status: CLOSED WONTFIX QA Contact: Jon Orris <jorris>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-09 15:36:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Seago 2003-11-26 15:35:26 UTC 
Description of problem:
On the CMS browse pane, the folder tree has permission filtering on
PREVIEW permissions, so that users won't see folders they have no
permission on. However, the item list does not have the same filtering
applied.

In addition, direct navigation to a folder (via the item page, etc.
using the set_folder URL var) needs permission checks.

Also, the item admin page should check user permissions.

London change #38322 resolves the above three issues, in addition to
adding a soft-deletion check to the item admin page to prevent an
unchecked exception from being thrown when attempting to generate the
admin page for a soft-deleted item.



Version-Release number of selected component (if applicable):
5.2+

How reproducible:
always

Steps to Reproduce:
1.navigate to a folder with a non-admin user which has private
subfolders (which the user has no access to)
2.the private folders will be missing on the folder tree but shown in
the brows pane