New commit detected on ManageIQ/manageiq/gaprindashvili: https://github.com/ManageIQ/manageiq/commit/4347128c7f564223941c1f60367faf225f6cd4a5 commit 4347128c7f564223941c1f60367faf225f6cd4a5 Author: Keenan Brock <keenan> AuthorDate: Fri Apr 20 12:04:57 2018 -0400 Commit: Keenan Brock <keenan> CommitDate: Fri Apr 20 12:04:57 2018 -0400 Merge pull request #17322 from lpichler/revert_make_user_filter_as_restriction Revert "Merge pull request #15367" (cherry picked from commit 9f8c439882b88b6dc0866d74c0df29c168cdaca7) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1570118 lib/rbac/filterer.rb | 16 +- spec/lib/rbac/filterer_spec.rb | 12 +- 2 files changed, 14 insertions(+), 14 deletions(-)
VERIFIED in 5.9.2.4 I created a role/group/user that was restricted to user/group ownership and a tag. That user was able to view catalog items that were tagged only OR un-tagged but group (or user owned).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:1328