Bug 1116722 - CSV export exposes power configuration to unprivileged users
Summary: CSV export exposes power configuration to unprivileged users
Alias: None
Product: Beaker
Classification: Community
Component: web UI
Version: 0.16
Hardware: Unspecified
OS: Unspecified
unspecified vote
Target Milestone: 0.17.1
Assignee: Dan Callaghan
QA Contact: tools-bugs
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-07 07:10 UTC by Dan Callaghan
Modified: 2018-02-06 00:41 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-07-18 08:17:34 UTC

Attachments (Terms of Use)

Description Dan Callaghan 2014-07-07 07:10:17 UTC
Description of problem:
Beaker only shows a system's power configuration to users who have permission to edit it. However the CSV export will include power configuration for all systems that the user has view permissions on.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Pick Reports -> CSV from the menu
2. Select "System Power" CSV type and export
3. In the output, find a system which you do not have permission to edit

Actual results:
Power settings are shown

Expected results:
Power settings should not be shown if the exporting user does not have edit_system permission.

Comment 1 Dan Callaghan 2014-07-08 11:07:36 UTC
On Gerrit: http://gerrit.beaker-project.org/3195

Comment 4 Dan Callaghan 2014-07-18 08:17:34 UTC
Beaker 0.17.1 has been released.

Note You need to log in before you can comment on or make changes to this bug.