Bug 163259 - Prevent invalid channel and server group permissions
Summary: Prevent invalid channel and server group permissions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Network
Classification: Retired
Component: RHN/R&D
Version: RHN Devel
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Ken Ganong
QA Contact: Michael Bowman
URL:
Whiteboard:
Depends On:
Blocks: 147875
 
Reported: 2005-07-14 15:30 UTC by Ken Ganong
Modified: 2007-04-18 17:29 UTC

Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-01 02:36:38 UTC
Embargoed:



Description Ken Ganong 2005-07-14 15:30:08 UTC
Problem:
Someone can currently modify the POST request on the Channel Permissions and
Assigned Server Groups pages under User Details to include channels or server
groups managed by a different org and have their changes persist to the database.

Solution:
Prevent persisting of invalid data with regards to user channel permissions and
user assigned server groups.

Reproduce:
1. Login->go to Users->click a User->Channel Permissions
2. Right click and save source.
3. Modify the POST form to point to the correct domain (ex. /rhn/users ->
https://rhn.webdev.redhat.com/rhn/users)
4. Add within the form tag a cid and selectedChannel from a different org.
   ex. <input type="checkbox" name="selectedChannels" value="4211" />
       <input type="hidden" name="cid" value="4211" />
5. Browse to the page on your hard drive using a web browser.
6. Select the checkbox that shouldn't be there.
7. Click the button to submit the form.
8. See that the user's channel perms include the invalid channel:
Select * from rhnUserChannel where user_id = :uid and channel_id = :cid

For server group permissions, do the same as above with the following changes.
1. Login->go to Users->click a User->System Groups
4. <input type="checkbox" name="selectedGroups" value="4635208" />
   <input type="hidden" name="cid" value="4635208" />
8. See that the user's server group perms include the invalid group:
Select * from rhnUserManagedServerGroups where user_id = :uid and
server_group_id = :sgid
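The flaw above is a missing server-side ownership check: the handler persists whatever ids the POST body carries, so an edited form can grant a user channels or server groups of another org. The following is an added example, not RHN's own code, that models both the vulnerable handler and the fixed one against a constructed in-memory SQLite database. It serves both the Channel Permissions and the System Groups procedures described above. The table layout (web_contact, rhnChannel, rhnServerGroup and the org_id columns), the user and org ids, and the rule that a submitted id must belong to the target user's org are assumptions made for the demonstration; only the link tables rhnUserChannel and rhnUserManagedServerGroups and the form field names come from the report.

```python
import sqlite3

# Constructed stand-in for the RHN tables named in the bug. The web_contact,
# rhnChannel and rhnServerGroup definitions are assumptions, not the real schema.
SCHEMA = """
CREATE TABLE web_contact    (id INTEGER PRIMARY KEY, org_id INTEGER NOT NULL);
CREATE TABLE rhnChannel     (id INTEGER PRIMARY KEY, org_id INTEGER NOT NULL);
CREATE TABLE rhnServerGroup (id INTEGER PRIMARY KEY, org_id INTEGER NOT NULL);
CREATE TABLE rhnUserChannel (user_id INTEGER, channel_id INTEGER,
                             PRIMARY KEY (user_id, channel_id));
CREATE TABLE rhnUserManagedServerGroups (user_id INTEGER, server_group_id INTEGER,
                             PRIMARY KEY (user_id, server_group_id));
"""


def fresh_db() -> sqlite3.Connection:
    """Constructed data: user 7 is in org 1; channel 4211 and group 4635208 belong to org 2."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO web_contact VALUES (7, 1)")
    db.executemany("INSERT INTO rhnChannel VALUES (?, ?)", [(100, 1), (101, 1), (4211, 2)])
    db.executemany("INSERT INTO rhnServerGroup VALUES (?, ?)", [(500, 1), (4635208, 2)])
    db.commit()
    return db


class ForeignOrgObject(Exception):
    """Raised when a submitted id is owned by a different org (the report's invalid data)."""


def form_ids(form: dict, field: str) -> list:
    """Form values arrive as strings and may repeat; coerce and dedupe like a servlet would."""
    raw = form.get(field, [])
    if isinstance(raw, str):
        raw = [raw]
    return sorted({int(v) for v in raw})


# (link_table, link_column, owner_table, form_field). These are code constants, never
# user input, so interpolating them into the SQL below does not open an injection.
CHANNELS = ("rhnUserChannel", "channel_id", "rhnChannel", "selectedChannels")
GROUPS = ("rhnUserManagedServerGroups", "server_group_id", "rhnServerGroup", "selectedGroups")


def save_vulnerable(db, uid: int, form: dict, kind=CHANNELS) -> list:
    """Before the fix: every id in the POST body is persisted, whichever org owns it."""
    link, col, _owner, field = kind
    ids = form_ids(form, field)
    db.execute(f"DELETE FROM {link} WHERE user_id = ?", (uid,))
    db.executemany(f"INSERT INTO {link} (user_id, {col}) VALUES (?, ?)", [(uid, i) for i in ids])
    db.commit()
    return ids


def save_fixed(db, uid: int, form: dict, kind=CHANNELS) -> list:
    """After the fix: refuse the whole request if any id is not owned by the user's org."""
    link, col, owner, field = kind
    ids = form_ids(form, field)
    (org_id,) = db.execute("SELECT org_id FROM web_contact WHERE id = ?", (uid,)).fetchone()
    allowed = {r[0] for r in db.execute(f"SELECT id FROM {owner} WHERE org_id = ?", (org_id,))}
    foreign = sorted(set(ids) - allowed)
    if foreign:
        # Fail closed: nothing is written, and the caller can log the tampering attempt.
        raise ForeignOrgObject(f"{owner} ids {foreign} are not in org {org_id}")
    db.execute(f"DELETE FROM {link} WHERE user_id = ?", (uid,))
    db.executemany(f"INSERT INTO {link} (user_id, {col}) VALUES (?, ?)", [(uid, i) for i in ids])
    db.commit()
    return ids


def persisted(db, uid: int, kind=CHANNELS) -> list:
    """The check from step 8 of the report: what actually landed in the link table."""
    link, col, _owner, _field = kind
    return sorted(r[0] for r in db.execute(f"SELECT {col} FROM {link} WHERE user_id = ?", (uid,)))


if __name__ == "__main__":
    # The forged form from step 4: a legitimate org-1 channel plus org-2's channel 4211.
    forged = {"selectedChannels": ["100", "4211"], "cid": "4211"}
    db = fresh_db()
    save_vulnerable(db, 7, forged)
    print("vulnerable handler persisted:", persisted(db, 7))
    db = fresh_db()
    try:
        save_fixed(db, 7, forged)
    except ForeignOrgObject as err:
        print("fixed handler rejected:", err)
    print("fixed handler persisted:", persisted(db, 7))
```

Rejecting the request outright, rather than silently dropping the foreign ids, is the safer choice here: a foreign id in the body can only come from a tampered form, so the event is worth surfacing rather than quietly repairing.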

Comment 1 Michael Bowman 2005-08-01 15:16:59 UTC
These holes are fixed on QA.

