Description of problem: When I create a non admin user with a role which contains all permissions (most importantly the 'destroy_products' permission) from 'Products and Repositories' resource group, I'm not able to upload a new packages in the repository of type yum. The upload dialog is completely missing. Steps to Reproduce: 1. Create new user (Administer > Users > New User), assign him e-mail, organization, location and password (tested on Internal authorization method) 2. Create new role (Administer > Roles > New Role) 3. In the role create New filter with following permissions: * Resource type: Product and Repositories * Selected items: create_products edit_products destroy_products sync_products export_products view_products 4. Assign the role to the created user (Administer > Users > user > Roles tab > Choose the role > Submit 5. Choose some custom product with repository type 'yum' 6. Click the repository Actual results: The upload dialog is completely missing. Expected results: The upload dialog is present and the user is allowed to upload packages into the repository. Additional info: * I have tested this on Satellite 6.2.4 and it's working there * The relevant permission, which grants access to the upload dialog is probably destroy_products * Same setup on Satellite 6.2.6 does not work * On both 6.2.4 and 6.2.6 the user with this permissions is not allowed to create new repository in the product
This does not seem to be generic permissions issue rather than the page with upload form does not check specific permission correctly. Moving to repositories component.
Hello Roman, I am not able to reproduce the issue with the steps above on 6.2.4, 6.2.6 or on the upstream. If I remove the 'destroy_products' permission, I am able to reproduce it. Is that the scenario/configuration that you intended to report? If not, if you have an internal reproducer, can we access it? In other words, the user has the following permissions: Resource: Product and Repositories Permissions: view_products, create_products, edit_products, destroy_products, sync_products, export_products And not the following: Resource: Product and Repositories Permissions: view_products, create_products, edit_products, sync_products, export_products
I am seeing the exact same behavior on both 6.2.4 and 6.2.6; therefore, access to an internal reproducer (if one is available) would be useful.
(In reply to Brad Buckingham from comment #5) > I am seeing the exact same behavior on both 6.2.4 and 6.2.6; therefore, > access to an internal reproducer (if one is available) would be useful. Hello Brad, this is strange. I'm testing it on 6.2.7 and it works fine now. The destroy_products was present at the role before. I will update the customer and ask him for verification. Regards, -Roman
Hi Roman, I came across another bugzilla today that has a very similar description. I suspect that the issue here may actually be the same and it does require a small code change. Care to take a quick look? If it is, we can mark this one as a duplicate. The other bz is bug 1429624. thanks, Brad
(In reply to Brad Buckingham from comment #7) Hello Brad, yes, this BZ is a duplicate of Bug 1429624 and can be closed. Regards, -Roman
*** This bug has been marked as a duplicate of bug 1429624 ***