Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1594275 - Users can see items which they don't have permissions/access to under services they own
Users can see items which they don't have permissions/access to under service...
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API (Show other bugs)
5.9.0
Unspecified Unspecified
high Severity high
: GA
: 5.9.3
Assigned To: Milan Zázrivec
Landon LaSmith
: ZStream
Depends On: 1589266 1595418
Blocks:
  Show dependency treegraph
 
Reported: 2018-06-22 09:49 EDT by Satoe Imaishi
Modified: 2018-07-12 09:17 EDT (History)
11 users (show)

See Also:
Fixed In Version: 5.9.3.3
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1589266
Environment:
Last Closed: 2018-07-12 09:17:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2184 None None None 2018-07-12 09:17 EDT

  None (edit)
Comment 2 CFME Bot 2018-06-22 10:00:31 EDT 
New commit detected on ManageIQ/manageiq-api/gaprindashvili:

https://github.com/ManageIQ/manageiq-api/commit/e225b647af5ad1dc104e7eab328fe7d1c00a6bc8
commit e225b647af5ad1dc104e7eab328fe7d1c00a6bc8
Author:     Gregg Tanzillo <gtanzill@redhat.com>
AuthorDate: Fri Jun 22 03:20:25 2018 -0400
Commit:     Gregg Tanzillo <gtanzill@redhat.com>
CommitDate: Fri Jun 22 03:20:25 2018 -0400

    Merge pull request #404 from mzazrivec/fix_rbac_in_vms_subcollection_for_services

    In list of services, fetch RBAC-filtered vms subcollection
    (cherry picked from commit a0ce54f2a19f7ad808e45d9b8f75733db0a40f79)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1594275

 app/controllers/api/subcollections/vms.rb | 1 +
 spec/requests/services_spec.rb | 21 +-
 2 files changed, 19 insertions(+), 3 deletions(-)
Comment 4 Landon LaSmith 2018-06-29 16:36:52 EDT 
Verification is currently blocked due to a bug while executing service requests in 5.9.3.3

https://bugzilla.redhat.com/show_bug.cgi?id=1595418
Comment 5 Landon LaSmith 2018-07-05 18:30:53 EDT 
VERIFIED in 5.9.3.4. While the total count of VMs order was displayed in the UI, a restricted user was only able to see ordered VMs that they had access to in the OPS and SSUI
Comment 7 errata-xmlrpc 2018-07-12 09:17:05 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2184
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.