Bug 1284475
Summary: | Filter with permission edit_config_groups is not actually limited by search expression | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Shimon Shtein <sshtein> |
Component: | Users & Roles | Assignee: | Marek Hulan <mhulan> |
Status: | CLOSED ERRATA | QA Contact: | Tazim Kolhar <tkolhar> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.0.4 | CC: | bbuckingham, bkearney, chpeters, cwelton, daobrien, tkolhar |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/9506 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Editing config groups did not respect permission filters. These filters are now respected.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-01-21 07:42:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Shimon Shtein
2015-11-23 12:40:40 UTC
Created from redmine issue http://projects.theforeman.org/issues/9506 Upstream bug assigned to mhulan Upstream bug component is Users & Roles VERIFIED: # rpm -qa | grep foreman dell-pe1950-05.rhts.eng.brq.redhat.com-foreman-client-1.0-1.noarch dell-pe1950-05.rhts.eng.brq.redhat.com-foreman-proxy-1.0-1.noarch ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch puppet-foreman_scap_client-0.3.3-10.el7sat.noarch foreman-vmware-1.7.2.50-1.el7sat.noarch rubygem-hammer_cli_foreman_tasks-0.0.3.5-1.el7sat.noarch foreman-ovirt-1.7.2.50-1.el7sat.noarch ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch foreman-1.7.2.50-1.el7sat.noarch ruby193-rubygem-foreman_docker-1.2.0.24-1.el7sat.noarch ruby193-rubygem-foreman-tasks-0.6.15.7-1.el7sat.noarch rubygem-hammer_cli_foreman_bootdisk-0.1.2.7-1.el7sat.noarch rubygem-hammer_cli_foreman_docker-0.0.3.10-1.el7sat.noarch foreman-debug-1.7.2.50-1.el7sat.noarch foreman-proxy-1.7.2.8-1.el7sat.noarch dell-pe1950-05.rhts.eng.brq.redhat.com-foreman-proxy-client-1.0-1.noarch foreman-discovery-image-3.0.5-3.el7sat.noarch foreman-libvirt-1.7.2.50-1.el7sat.noarch ruby193-rubygem-foreman_openscap-0.3.2.10-1.el7sat.noarch foreman-gce-1.7.2.50-1.el7sat.noarch rubygem-hammer_cli_foreman-0.1.4.15-1.el7sat.noarch ruby193-rubygem-foreman_discovery-2.0.0.23-1.el7sat.noarch foreman-selinux-1.7.2.17-1.el7sat.noarch foreman-postgresql-1.7.2.50-1.el7sat.noarch foreman-compute-1.7.2.50-1.el7sat.noarch ruby193-rubygem-foreman-redhat_access-0.2.4-1.el7sat.noarch rubygem-hammer_cli_foreman_discovery-0.0.1.10-1.el7sat.noarch ruby193-rubygem-foreman_bootdisk-4.0.2.14-1.el7sat.noarch steps: - create a new role and add filter 1 for host class permissions. - select items "edit_classes" for filter 1. - create filter 2 with config group permissions. - select items "view_config_groups" and "edit_config_groups" for filter 2. - uncheck unlimited checkbox for filter 2. - enter search expression into search textbox like "name != production-apache" for filter 2. - associate the role with restricted user. - create config group with a name like "production-apache" - login with the restricted user. - on the menu go to configure - config groups. the user is not be able to view or edit config groups with the string "production" in their names. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:0052 |