Red Hat Bugzilla – Bug 163834
Java Security for System Profiles
Last modified: 2007-04-18 13:29:37 EDT
Currently, the java code does not test whether a system profile is actually
viewable by the logged in user. Go to Systems->click a
system->Packages->Profiles ->Compare to Profile. Here, you can change the prid
in the url and access another person's profile (or at least produce a 500 error).
Moving to rhn400-must instead of toplevel. Ken, this will need a test plan.
Find an id for a system profile of a different org. Note: System Profiles are
restricted by org, not by user because of limitations of our current data model.
Login->Go to Systems->Click a system->Packages->Profiles->Compare to Profile->
modify the url so that the prid parameter equals the system profile you found in
the first step.
Expected Results: Lookup Error Page
Failure Results: A diff between the system and profile or 500 error.
will qa this
works fine. prod_ready.