Bug 1458722
| Summary: | even with "Allow Organization Admin to manage Organization Configuration" you can change some organization config options | ||
|---|---|---|---|
| Product: | Red Hat Satellite 5 | Reporter: | Jan Hutař <jhutar> |
| Component: | WebUI | Assignee: | Grant Gainey <ggainey> |
| Status: | CLOSED ERRATA | QA Contact: | Radovan Drazny <rdrazny> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 580 | CC: | adujicek, rdrazny, tlestach |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | spacewalk-java-2.5.14-90-sat | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-09-06 12:27:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1450111 | ||
spacewalk.github: d9880a0e0dcf962b007f1204e8ee325e801a2253 Reproduced on spacewalk-java-2.5.14-89.el6sat with the reproducer from the initial report. Using dev-tools in FF I was able to re-enable all disabled check boxes and the "update" button as well, and change the settings afterwards. After updating to spacewalk-java-2.5.14-91.el6sat and trying the same procedure as before, I was able to re-enable all controls on the web page, but after pressing "update" button, all setting reverted back to the original state, as set by the global satellite admin. VERIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2645 |
Description of problem: Even with "Allow Organization Admin to manage Organization Configuration" you can change some organization config options Version-Release number of selected component (if applicable): spacewalk-java-2.5.14-89.el6sat.noarch How reproducible: always Steps to Reproduce: 1. Create organization and make sure "Allow Organization Admin to manage Organization Configuration" is disabled (org admin is not supposed to change e.g. "Enable Errata E-mail Notifications (for users belonging to this organization)" Admin -> Organizations -> <org> -> Configuration -> Allow Organization Admin to manage Organization Configuration 2. Login as admin of that new organization and go to Overview -> Your Organization -> Configuration 3. Using web browser remove "disabled='disabled'" from "Enable Errata E-mail Notifications" checkbox and "Update Organization" button and change the settings (there will be "Size limit modification must be a valid non negative number." warning, but that does not seem to be relevant) Actual results: Setting gets changed. Looks like you are able to change every setting on the page this way. Expected results: Setting should not be changed. Additional info: Not sure if this qualifies as a security issue (theoretically you can cause bad things by disabling "Enable Errata E-mail Notifications" for your whole organization even when satellite admin did not granted you right to disable it).