Bug 1572175

Summary: [registration]Read-only admin user can create/delete coupon in admin panel
Product: OpenShift Online Reporter: yufchang <yufchang>
Component: Accounts and BillingAssignee: Timothy Williams <tiwillia>
Status: CLOSED CURRENTRELEASE QA Contact: yufchang <yufchang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: aos-bugs, jokerman, mmccomas, tiwillia
Target Milestone: ---Keywords: OnlinePro
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-07 17:24:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description yufchang 2018-04-26 10:37:08 UTC
Description of problem:
Read-only admin user can approve subscription

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Prepare a read-only admin user to login registration, enter admin panel->coupon
2.create/delete a coupon

Actual results:
Read-only admin user can create/delete coupons

Expected results:
Read-only admin user can not access any update method on coupons

Additional info:

Comment 1 Timothy Williams 2018-04-27 19:51:56 UTC
Fixed in STG