1426687 – Edit components displayed when user is not allowed to edit

Bug 1426687 - Edit components displayed when user is not allowed to edit

Summary: Edit components displayed when user is not allowed to edit

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Users & Roles
Sub Component:
Version:	6.2.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	Unspecified
Assignee:	David Davis
QA Contact:	Adam Ruzicka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-24 15:29 UTC by Andrii Balakhtar
Modified:	2020-03-11 15:51 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1317828
Environment:
Last Closed:	2018-02-21 16:41:55 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
verification screenshot 1 (43.24 KB, image/png) 2017-08-16 08:49 UTC, Adam Ruzicka	no flags	Details
used permissions (15.53 KB, image/png) 2017-08-16 08:49 UTC, Adam Ruzicka	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	13934	0	None	None	None	2017-02-24 15:29:30 UTC

Description Andrii Balakhtar 2017-02-24 15:29:31 UTC

+++ This bug was initially created as a clone of Bug #1317828 +++

Description of problem:
A role is defined which allows Users to:
- Publish a new version of a content view 
- Promote a version to a LifeCycle Environment 
- Remove a version from a LifeCycle Environment

On the "Yum Content" > "Repositories page, "List/Remove" and "Add" tabs are displayed but User cannot Add or Remove repositories  
Same for the "Docker Content" tab.

Version-Release number of selected component (if applicable):
Satellite 6.2.8 SNAP 3

How reproducible:
100%

Steps to Reproduce:
1. Define a role as mentioned in the description
2. Navigate to content views
3. Verify yum content and docker content for "List/Remove" and "Add" tabs

Actual results:
Shows "List/Remove" and "Add" tabs while the user has no rights for it.

Expected results:
Just show read-only lists.

Additional info:

--- Additional comment from Kenny Tordeurs on 2016-03-15 06:19 EDT ---



--- Additional comment from Kenny Tordeurs on 2016-03-15 06:19 EDT ---



--- Additional comment from Bryan Kearney on 2016-07-20 14:10:54 EDT ---

Upstream bug assigned to cfouant

--- Additional comment from Bryan Kearney on 2016-07-26 15:01:44 EDT ---

Moving 6.2 bugs out to sat-backlog.

--- Additional comment from Bryan Kearney on 2016-08-03 14:12:51 EDT ---

Upstream bug assigned to daviddavis

--- Additional comment from Bryan Kearney on 2016-09-29 12:14:28 EDT ---

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/13934 has been resolved.

--- Additional comment from RHEL Product and Program Management on 2016-09-30 10:12:07 EDT ---

This bug report previously had all acks and release flag approved.
However since at least one of its acks has been changed, the
release flag has been reset to ? by the bugbot (pm-rhel).  The
ack needs to become approved before the release flag can become
approved again.

--- Additional comment from RHEL Product and Program Management on 2016-09-30 10:35:06 EDT ---

Since this issue was entered in Red Hat Bugzilla, the pm_ack has been
set to + automatically for the next planned release

--- Additional comment from Bryan Kearney on 2016-10-03 12:31:17 EDT ---

I am moving all bugs which have been addressed in either katello 3.2 or foreman 13.0 and 13.1 to ON_QA. These bugs have been delivered in the first 3 snaps.

--- Additional comment from Bryan Kearney on 2016-10-03 12:54:44 EDT ---

Moving all bugs which are fixed in Katello 3.2 to ON_QA for 6.3. These were delivered in the initial snaps of 6.3.

--- Additional comment from Bruno Rocha on 2016-11-09 17:57 EST ---



--- Additional comment from Bruno Rocha on 2016-11-09 17:58 EST ---



--- Additional comment from Bruno Rocha on 2016-11-09 18:04:13 EST ---

Verified in:

satellite-6.3.0-6.1.beta.el7sat.noarch - RHEL6 and RHEL7

Conclusion:

As in attached images, now it is needed more filters added to the role such as "access_dashboard" and "view_hosts", but all "read_only" filters.

User was able to see ContentView - Yum Content and "List/Remove" and "Add" tabs not shown.

Comment 1 Andrii Balakhtar 2017-02-24 15:32:45 UTC

This is a clone of #1317828 for 6.2.z, as original bz is targeted for 6.3 but 6.2.z is affected too.
I'm ok with either fixing or simply closing it with WONTFIX, basically separate bz is only needed for our automation not to execute the test for 6.2.z branch while it's not fixed.

Comment 3 Satellite Program 2017-02-24 17:06:41 UTC

Upstream bug assigned to daviddavis

Comment 4 Satellite Program 2017-02-24 17:06:46 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/13934 has been resolved.

Comment 6 Adam Ruzicka 2017-08-16 08:49:20 UTC

Created attachment 1314012 [details]
verification screenshot 1

Comment 7 Adam Ruzicka 2017-08-16 08:49:44 UTC

Created attachment 1314013 [details]
used permissions

Comment 8 Adam Ruzicka 2017-08-16 08:52:18 UTC

Verified.
Version Tested: Satellite-6.3 Snap 11
Package versions:
satellite-6.3.0-16.0.beta.el7sat.noarch
katello-3.4.4-2.el7sat.noarch

1) Created a role (see screenshot in #7)
2) Created a user, assigned role from 1 to the user
3) As the user, navigated to Content Views > content view > yum content > repositories
4) No List/Add or Remove tabs shown (see screenshot in #6)

Comment 9 Bryan Kearney 2018-02-21 16:39:52 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Comment 10 Bryan Kearney 2018-02-21 16:41:55 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Comment 11 Satellite Program 2018-02-21 16:51:07 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.