Bug 2214274

Summary: Non-admin user with view-hosts permission has the capability to click on add parameter button
Product: Red Hat Satellite Reporter: addubey
Component: HostsAssignee: Maria <magaphon>
Status: VERIFIED --- QA Contact: Peter Ondrejka <pondrejk>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.14.0CC: aruzicka, magaphon, mhulan, oezr, rlavi
Target Milestone: 6.14.0Keywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: foreman-3.7.0.2-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description addubey 2023-06-12 12:56:27 UTC 
Created attachment 1970424 [details]
page_view

Description of problem: Non-admin user with view-hosts permission has the capability to click on add parameter button, though it doesn't save then too we have the option to delete it and then it pop's up with access denied.


Version-Release number of selected component (if applicable): 6.14.0 snap - 3


How reproducible: Always


Steps to Reproduce:
1. Create a nonadmin user with view-hosts permission
2. Traverse to the parameter tab by clicking on the host on the All Host page
3. Try to add a param it allows but it doesn't save that, but allows to delete without saving

Actual results: Add parameter button is enabled


Expected results: It shouldn't be functioning for a user with only view-hosts permission


Additional info:
Comment 1 Bryan Kearney 2023-06-30 00:03:12 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/36549 has been resolved.
Comment 3 Peter Ondrejka 2023-07-13 16:41:02 UTC 
Verified on Sat 6.14 sn7, user with view-host permission can no longer add and remove parameter