Description of problem: userA and userB are normal user. UserA submit a job, and userB could extend this task watchdog time. Version-Release number of selected component (if applicable): 0.14.2 How reproducible: 100% Steps to Reproduce: 1.userA submit a job. 2.userB use command "bkr watchdog-show 106613" 3.userB use command "bkr watchdog-extend 106613 --by 1000" 4.userB use command "bkr watchdog-show 106613" Actual results: The watchdog time is modified. Expected results: Have no permission to operate it. Additional info:
Note that this existing behaviour is because we do not have any way to authenticate calls which come from test systems (and extending the watchdog is one of those calls). See bug 843687 for that.