Created from redmine issue http://projects.theforeman.org/issues/5503
Upstream bug assigned to walden
PR: https://github.com/Katello/katello/pull/4226
commit f4129016e3ba33aa493d5209584f3b443362dbea
Merge: c36f6f6 8332883
Author: Walden Raines <walden>
Date:   Wed Jun 18 15:19:37 2014 -0400

    Merge pull request #4226 from waldenraines/5503

    Fixes #5503/BZ1102315 - restrict UI interactions to actual permissions in Bastion.

commit 83328836519a9ae1068ccf27b9a481f2457384c7
Author: Walden Raines <walden>
Date:   Tue Jun 3 14:18:29 2014 -0400

    Fixes #5503/BZ1102315 - restrict UI interactions to actual permissions.
Verified.

Used a Viewer role to test this bug:
- In UI - all pages are visible but not editable
- In API - tested a few API calls to edit objects and they returned Access denied

#1:
# curl -s -H "Content-Type:application/json" -H "Accept:application/json,version=2" -k -u readuser:pword -d '{"type":"system", "facts":{"release":"6Server", "architecture":"x86_64"}, "host_colletion_id":{}, "organization_id":3, "description":"Initial Registration Parameters:\nOS: redhat-release-server\nRelease: 6Server\nCPU Arch: x86_64\nsat5_system_id: 1000020000", "name":"mysytem-123.example.com"}' https://host.redhat.com/katello/api/systems
{"message":"Access denied","details":null}

#2:
curl -s -H "Content-Type:application/json" -H "Accept:application/json,version=2" -k -u readuser:pword -d '{"name":"testorgapi"}' https://host.redhat.com/katello/api/organizations
{ "error": {"message":"Access denied","details":null}

#3:
curl -X POST -H "Content-Type:application/json" -H "Accept:application/json,version=2" -k -u readuser:pword -d '{"organization_id":"3", "name":"testakapi"}' https://host.redhat.com/katello/api/activation_keys
{"message":"Access denied","details":null}

Version Tested:
GA Snap 4 - Satellite-6.0.4-RHEL-6-20140806.0

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.9.19-1.el6_5.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.9.19-1.el6_5.noarch
* candlepin-tomcat6-0.9.19-1.el6_5.noarch
* elasticsearch-0.90.10-4.el6sat.noarch
* foreman-1.6.0.38-1.el6sat.noarch
* foreman-compute-1.6.0.38-1.el6sat.noarch
* foreman-gce-1.6.0.38-1.el6sat.noarch
* foreman-libvirt-1.6.0.38-1.el6sat.noarch
* foreman-ovirt-1.6.0.38-1.el6sat.noarch
* foreman-postgresql-1.6.0.38-1.el6sat.noarch
* foreman-proxy-1.6.0.23-1.el6sat.noarch
* foreman-selinux-1.6.0.4-1.el6sat.noarch
* foreman-vmware-1.6.0.38-1.el6sat.noarch
* katello-1.5.0-28.el6sat.noarch
* katello-ca-1.0-1.noarch
* katello-certs-tools-1.5.6-1.el6sat.noarch
* katello-installer-0.0.57-1.el6sat.noarch
* openldap-2.4.23-34.el6_5.1.x86_64
* pulp-katello-0.3-3.el6sat.noarch
* pulp-nodes-common-2.4.0-0.30.beta.el6sat.noarch
* pulp-nodes-parent-2.4.0-0.30.beta.el6sat.noarch
* pulp-puppet-plugins-2.4.0-0.30.beta.el6sat.noarch
* pulp-puppet-tools-2.4.0-0.30.beta.el6sat.noarch
* pulp-rpm-plugins-2.4.0-0.30.beta.el6sat.noarch
* pulp-selinux-2.4.0-0.30.beta.el6sat.noarch
* pulp-server-2.4.0-0.30.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-net-ldap-0.3.1-3.el6sat.noarch
* ruby193-rubygem-runcible-1.1.0-2.el6sat.noarch
* sssd-ldap-1.11.5.1-3.el6.x86_64
This was delivered with Satellite 6.0 which was released on 10 September 2014.