Bug 1467044

Summary: Content view displayed for wrong organization
Product: Red Hat Satellite Reporter: Alexander Braverman <abraverm>
Component: Content ViewsAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2.9CC: bbuckingham, jcallaha
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-04 17:43:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Braverman 2017-07-02 08:45:51 UTC 
Description of problem:
User with content view permissions for two different organizations, will able to see the content view of a different organization while his session is not in that organization.
For example, user has permissions to view CV for organizations A and B. User sessions in currently in organization A. Organization B has content view of id 1. The problem, if the user have a direct link (https://satellite.redhat.com/content_views/1/versions), he can see and do actions on it while in organization A.

Version-Release number of selected component (if applicable):
6.2.9

How reproducible:
Always


Steps to Reproduce:
1.
2.
3.

Actual results:
https://satellite.redhat.com/content_views/1/versions is viewable

Expected results:
404 or return to main list of content views for the organiztion the user currently working in.

Additional info:
Comment 2 Bryan Kearney 2018-09-04 17:43:40 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.