Bug 766962

Summary: Systems - user with System Access perm can delete systems
Product: Red Hat Satellite Reporter: Brad Buckingham <bbuckingham>
Component: WebUIAssignee: Partha Aji <paji>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: kbidarka, mmccune
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 18:13:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747354    
Attachments:
Description Flags
users can no longer delete systems none

Description Brad Buckingham 2011-12-12 20:58:46 UTC 
Description of problem:

A user with "Access Systems" permission only has the ability to delete systems using the Systems -> List Actions

Version-Release number of selected component (if applicable):
git master

How reproducible:
always

Steps to Reproduce:
1. create a system as admin
2. create a user and grant them only the "Access Systems" permissions on the org
3. log in as that new user
4. go to Systems
5. attempt to delete the system using the 'List Actions' -> Remove Systems
  
Actual results:
system is deleted

Expected results:
the user should not be able to delete the system.
in addition, the user should not even see the action for deleting the system... 


Additional info:
Comment 1 Partha Aji 2012-01-24 00:48:00 UTC 
This seems to have been fixed. Cannot reproduce. Please verify and fail if you can still reproduce this bug.
Comment 2 Kedar Bidarkar 2012-01-24 09:51:29 UTC 
This is issue can no longer be produced.

Created user ch1 , assigned it ReadEverything, logged in and verified.
Comment 3 Kedar Bidarkar 2012-01-24 09:53:49 UTC 
Created attachment 557175 [details]
users can no longer delete systems

verified with katello-194