Red Hat Bugzilla – Bug 1467044
Content view displayed for wrong organization
Last modified: 2017-12-30 01:19:03 EST
Description of problem:
User with content view permissions for two different organizations, will able to see the content view of a different organization while his session is not in that organization.
For example, user has permissions to view CV for organizations A and B. User sessions in currently in organization A. Organization B has content view of id 1. The problem, if the user have a direct link (https://satellite.redhat.com/content_views/1/versions), he can see and do actions on it while in organization A.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
https://satellite.redhat.com/content_views/1/versions is viewable
404 or return to main list of content views for the organiztion the user currently working in.