Bug 1116722

Summary: CSV export exposes power configuration to unprivileged users
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: web UIAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.16CC: aigao, asaha, dcallagh, rmancy, xma
Target Milestone: 0.17.1   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-18 08:17:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2014-07-07 07:10:17 UTC 
Description of problem:
Beaker only shows a system's power configuration to users who have permission to edit it. However the CSV export will include power configuration for all systems that the user has view permissions on.

Version-Release number of selected component (if applicable):
0.16.2

How reproducible:
easily

Steps to Reproduce:
1. Pick Reports -> CSV from the menu
2. Select "System Power" CSV type and export
3. In the output, find a system which you do not have permission to edit

Actual results:
Power settings are shown

Expected results:
Power settings should not be shown if the exporting user does not have edit_system permission.
Comment 1 Dan Callaghan 2014-07-08 11:07:36 UTC 
On Gerrit: http://gerrit.beaker-project.org/3195
Comment 4 Dan Callaghan 2014-07-18 08:17:34 UTC 
Beaker 0.17.1 has been released.