Created attachment 1016816 [details] product feature Description of problem: Version-Release number of selected component (if applicable): 5.4.0.0.22.20150420163946_26004d1 How reproducible: 100% Steps to Reproduce: 1. Create role, assign permissions for "Services", "Catalog Explorer", "Catalog Items", "View catalog Items" only 2.create a group and assign this role 3.create user with the above role 4. Log in as the user Actual results: User is able to add new button group, add new buttons etc when is has only view permission. see attached screenshots Expected results: user should only be able to view items Additional info:
Created attachment 1016817 [details] snp1
https://github.com/ManageIQ/manageiq/pull/3114
https://github.com/ManageIQ/manageiq/pull/3987
https://github.com/ManageIQ/manageiq/pull/4279
Not sure why CFME Bot added that PR, because it's not related to the BZ. Related Pull Request is https://github.com/ManageIQ/manageiq/pull/3987
https://github.com/ManageIQ/manageiq/pull/4611
https://github.com/ManageIQ/manageiq/pull/4328
https://github.com/ManageIQ/manageiq/pull/6353
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/2dfc3fbee7376844342e5fabaed8e809002d46fb commit 2dfc3fbee7376844342e5fabaed8e809002d46fb Author: Jozef Zigmund <jzigmund> AuthorDate: Tue Mar 15 17:00:53 2016 +0100 Commit: Jozef Zigmund <jzigmund> CommitDate: Thu Apr 7 15:47:58 2016 +0200 Hide toolbar Add/Edit actions in CatalogItem#show when user has view permission only https://bugzilla.redhat.com/show_bug.cgi?id=1213840 app/helpers/application_helper/toolbar_builder.rb | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+)
New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=637ab77aadae93ba54cbe4e47ee5c6edddbccfb3 commit 637ab77aadae93ba54cbe4e47ee5c6edddbccfb3 Author: Jozef Zigmund <jzigmund> AuthorDate: Tue Mar 15 17:00:53 2016 +0100 Commit: Jozef Zigmund <jzigmund> CommitDate: Mon Apr 18 16:04:56 2016 +0200 Hide toolbar Add/Edit actions in CatalogItem#show when user has view permission only https://bugzilla.redhat.com/show_bug.cgi?id=1213840 app/helpers/application_helper/toolbar_builder.rb | 27 +++++++++++++++++++++++ 1 file changed, 27 insertions(+)
User unable to modify catalog items when it has only access to view permission. Verified:5.6.0.5-beta2.4.20160503153816_1fb554f
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348