Bug 739912

Summary: Permissions not enforced for Hardware Profiles
Product: [Retired] CloudForms Cloud Engine Reporter: Aziza Karol <akarol>
Component: aeolus-conductorAssignee: Jan Provaznik <jprovazn>
Status: CLOSED ERRATA QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: akarol, dajohnso, deltacloud-maint, dgao, ssachdev
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-05-15 21:55:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Aziza Karol 2011-09-20 12:14:21 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Login as admin and create a non-admin user.
2. add hardware profile.
3.login as non-admin user and verify if non-admin user is able to view/edit or delete hardware profile

Currently non admin user is able to view hardware profiles.



Expected results:
Non-admin user should not be able to view/edit/delete hardware profile

Additional info:
[root@kvm-guest-06 nodes]# rpm -qa | grep aeolus
aeolus-conductor-0.4.0-0.20110919181505git369190d.fc15.noarch
aeolus-conductor-daemons-0.4.0-0.20110919181505git369190d.fc15.noarch
aeolus-conductor-doc-0.4.0-0.20110919181505git369190d.fc15.noarch
rubygem-aeolus-image-0.1.0-3.20110919115936gitd1d24b4.fc15.noarch
aeolus-configure-2.0.2-4.20110916125556git5a94390.fc15.noarch
aeolus-all-0.4.0-0.20110919181505git369190d.fc15.noarch
Comment 1 Jan Provaznik 2011-09-26 14:49:51 UTC 
fixed in commit 9428d6e73858ae20154057319e9371b5c0ce8416
Comment 2 wes hayutin 2011-09-28 16:39:08 UTC 
making sure all the bugs are at the right version for future queries
Comment 4 Aziza Karol 2011-10-05 08:32:29 UTC 
Permissions are now enforced for Hardware Profiles.
Non-admin user is not able to view/edit or delete hardware profile.


verified on:
[root@kvm-guest-03 templates]# rpm -qa | grep aeolus
rubygem-aeolus-image-0.1.0-3.20111003170706git8f23238.fc15.noarch
aeolus-conductor-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-all-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-configure-2.0.2-4.20111004160858gitaf7e59a.fc15.noarch
aeolus-conductor-doc-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-conductor-daemons-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
rubygem-aeolus-cli-0.1.0-3.20111003133323git9451323.fc15.noarch
Comment 6 errata-xmlrpc 2012-05-15 21:55:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html