Bug 2167947

Summary: Assign/Unassign Compliance policy to a host via user with only Viewer role keeps loading the screen instead of throwing Access/Permission denied message
Product: Red Hat Satellite Reporter: Jayant Bhatia <jbhatia>
Component: SCAP PluginAssignee: satellite6-bugs <satellite6-bugs>
Status: NEW --- QA Contact: visawant
Severity: low Docs Contact:
Priority: low    
Version: 6.13.0CC: lstejska, mhulan, oezr, sganar
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Loading Screen Image none

Description Jayant Bhatia 2023-02-07 18:41:47 UTC 
Description of problem:

While trying to assign/unassign compliance policy to a host via user which only have Viewer rights, the screen keeps loading instead of throwing Access/Permission denied message.  


Version-Release number of selected component (if applicable): satellite-6.13.0-4.el8sat.noarch


How reproducible: Always


Steps to Reproduce:

1. Create a new user (say 'testuser') on Satellite and assign only 'Viewer' role to it. Login using 'testuser' on Satellite.

2. Navigate to Satellite WebUI -> Hosts -> All Hosts -> Checkbox any host -> Select Action -> Click on "Assign Compliance Policy" or "Unassign Compliance Policy" or "Change OpenSCAP Capsule".


Actual results:

A new window opens with title "Assign Compliance Policy - The following hosts are about to be changed" or "Unassign Compliance Policy - The following hosts are about to be changed" or "Change OpenSCAP Capsule - The following hosts are about to be changed". The new window keeps loading forever.


Expected results:

An error related to Access/Permission denied should be shown as a user with Viewer role is trying to edit the host.


Additional info: Attaching screen image of the loading screen.
Comment 1 Jayant Bhatia 2023-02-07 18:42:50 UTC 
Created attachment 1942774 [details]
Loading Screen Image