1303992 – User can delete himself

Bug 1303992 - User can delete himself

Summary: User can delete himself

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Storage Console
Classification:	Red Hat
Component:	UI
Sub Component:
Version:	2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	3
Assignee:	sankarshan
QA Contact:	sds-qe-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-02 16:01 UTC by Lubos Trilety
Modified:	2017-03-23 04:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:	rhscon-ui-0.0.23-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-23 04:10:59 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lubos Trilety 2016-02-02 16:01:18 UTC

Description of problem:
Admin user is able to delete any user even himself and even when there is no other user.

Version-Release number of selected component (if applicable):
rhscon-core-0.0.8-1.el7.x86_64
rhscon-ceph-0.0.6-1.el7.x86_64
rhscon-ui-0.0.7-1.el7.noarch

How reproducible:
100%

Steps to Reproduce:
1. Go to Admin page and try to delete an user which is currently logged in

Actual results:
User is deleted. After any click it fails and so the page is re-routed to log page. However the session is still active so it's not possible to log as any user. Only possibility is to remove saved cookies from the browser.

Expected results:
User should not be able to remove himself from the user list.

Additional info:
Note that if the last user is removed clear of browser cookies doesn't help.

Comment 1 Dhivya Sivaprakasam 2016-02-09 09:18:46 UTC

https://review.gerrithub.io/#/c/262381/

Comment 4 Martin Kudlej 2016-07-01 11:32:44 UTC

Tested with rhscon-ui-0.0.43-1.el7scon.noarch and I still see issue. ->Assigned

Note You need to log in before you can comment on or make changes to this bug.