Description of problem: User with content view permissions for two different organizations, will able to see the content view of a different organization while his session is not in that organization. For example, user has permissions to view CV for organizations A and B. User sessions in currently in organization A. Organization B has content view of id 1. The problem, if the user have a direct link (https://satellite.redhat.com/content_views/1/versions), he can see and do actions on it while in organization A. Version-Release number of selected component (if applicable): 6.2.9 How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: https://satellite.redhat.com/content_views/1/versions is viewable Expected results: 404 or return to main list of content views for the organiztion the user currently working in. Additional info:
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.