Bug 163834 - Java Security for System Profiles
Java Security for System Profiles
Product: Red Hat Network
Classification: Red Hat
Component: RHN/R&D (Show other bugs)
RHN Devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ken Ganong
Mike McCune
Depends On:
Blocks: 147875
  Show dependency treegraph
Reported: 2005-07-21 10:35 EDT by Ken Ganong
Modified: 2007-04-18 13:29 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-08-31 22:35:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ken Ganong 2005-07-21 10:35:58 EDT
Currently, the java code does not test whether a system profile is actually
viewable by the logged in user.  Go to Systems->click a
system->Packages->Profiles ->Compare to Profile.  Here, you can change the prid
in the url and access another person's profile (or at least produce a 500 error).
Comment 1 Mike McCune 2005-07-22 17:19:48 EDT
Moving to rhn400-must instead of toplevel.  Ken, this will need a test plan.
Comment 2 Ken Ganong 2005-07-25 10:46:16 EDT
Test Plan

Find an id for a system profile of a different org.  Note: System Profiles are
restricted by org, not by user because of limitations of our current data model.

Login->Go to Systems->Click a system->Packages->Profiles->Compare to Profile->
modify the url so that the prid parameter equals the system profile you found in
the first step.

Expected Results: Lookup Error Page
Failure Results: A diff between the system and profile or 500 error.
Comment 3 Mike McCune 2005-07-29 19:36:30 EDT
will qa this
Comment 4 Mike McCune 2005-07-29 19:40:50 EDT
works fine. prod_ready.

Note You need to log in before you can comment on or make changes to this bug.