1922134 – User with viewer role can see "Create Content View" button

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1922134 - User with viewer role can see "Create Content View" button

Summary: User with viewer role can see "Create Content View" button

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Content Views
Sub Component:
Version:	6.9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	6.9.0
Assignee:	Samir Jha
QA Contact:	Lai
Docs Contact:
URL:
Whiteboard:
Duplicates (6):	1922111 1922118 1922140 1922145 1922171 1922174 (view as bug list)
Depends On:
Blocks:	1922171 1922174 1925172
TreeView+	depends on / blocked

Reported:	2021-01-29 10:29 UTC by Anand Agrawal
Modified:	2021-06-01 13:47 UTC (History)
CC List:	5 users (show)
Fixed In Version:	tfm-rubygem-katello-3.18.1.5-1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-04-21 13:10:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
viewer role - content views - shows create button (69.92 KB, image/png) 2021-02-04 12:32 UTC, Brad Buckingham	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	31839	0	Normal	Closed	User with viewer role can see "Create Content View" button	2021-02-16 14:31:41 UTC
Red Hat Product Errata	RHSA-2021:1313	0	None	None	None	2021-04-21 13:11:04 UTC

Description Anand Agrawal 2021-01-29 10:29:12 UTC

Description of problem:
Non-admin user with viewer role can see "Create Content View" button.

Version-Release number of selected component (if applicable):

6.9
How reproducible:

Always
Steps to Reproduce:
1. Create a non-admin user with 'viewer' role.
2. Login with above non admin role.
3. Goto Content -> Content View, You will see "Create Content View"
4. While adding the details for new CV and clicking Submit, doesn't do anything. No error message as well

Actual results:
'Create Content View' is visible but unable to create content view

Expected results:

'Create Content View' shouldn't be visible.

Additional info:

Comment 1 Brad Buckingham 2021-02-04 12:32:28 UTC

Created attachment 1755052 [details]
viewer role - content views - shows create button

Comment 2 Anand Agrawal 2021-02-04 14:05:27 UTC

Same behaviour is observed in 

Content -> Content Credentials -> We can see Create Content Credentials -> Enter Details -> Click Submit. It shows Content Credential created successfully. But it doesn't create credential

Comment 3 Samir Jha 2021-02-09 00:20:16 UTC

Created redmine issue http://projects.theforeman.org/issues/31839 from this bug

Comment 4 Partha Aji 2021-02-09 22:10:04 UTC

*** Bug 1922174 has been marked as a duplicate of this bug. ***

Comment 5 Partha Aji 2021-02-09 22:12:21 UTC

Marked https://bugzilla.redhat.com/show_bug.cgi?id=1922174 as a duplicate because the fix for this fixes that. The scenarios look slightly different so feel free to test the scenario in https://bugzilla.redhat.com/show_bug.cgi?id=1922174

Comment 6 Bryan Kearney 2021-02-10 00:05:54 UTC

Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/31839 has been resolved.

Comment 7 Partha Aji 2021-02-10 16:49:50 UTC

*** Bug 1922118 has been marked as a duplicate of this bug. ***

Comment 8 Partha Aji 2021-02-10 16:51:19 UTC

(In reply to Partha Aji from comment #5)
> Marked https://bugzilla.redhat.com/show_bug.cgi?id=1922174 as a duplicate
> because the fix for this fixes that. The scenarios look slightly different
> so feel free to test the scenario in
> https://bugzilla.redhat.com/show_bug.cgi?id=1922174

Same with https://bugzilla.redhat.com/show_bug.cgi?id=1922118

Comment 9 Jonathon Turel 2021-02-10 17:14:05 UTC

*** Bug 1922171 has been marked as a duplicate of this bug. ***

Comment 10 Partha Aji 2021-02-10 18:56:44 UTC

*** Bug 1922111 has been marked as a duplicate of this bug. ***

Comment 11 Samir Jha 2021-02-11 18:08:38 UTC

*** Bug 1922145 has been marked as a duplicate of this bug. ***

Comment 12 Brad Buckingham 2021-02-16 14:32:39 UTC

*** Bug 1922140 has been marked as a duplicate of this bug. ***

Comment 13 Brad Buckingham 2021-02-16 14:33:39 UTC

QE, when verifying this bugzilla, please also verify all associated duplicate bugzillas are resolve.  Each one documents a similar but different scenario that appears to be due to the same root cause.

Comment 15 Lai 2021-02-22 18:56:03 UTC

Steps to retest:

1. Create a non-admin user with 'viewer' role.
2. Login with above non admin role.
3. Goto Content -> Content View
4. Verify that "Create New View" button is not present

Expected:
"Create New View" button should not be shown

Actual:
"Create New View" button is not shown.


Additional Note:
I've checked with "Create New Activation Key", "Create Product", "Repo Discovery", "Create Host Collection", and verify that the user cannot resume, cancel, or perform any tasks in the Tasks page because the "operation" column is not populated with anything.  I've also verify that drilling into the activation key, host collection, and product and repo details page does not have any angular code present.

Verified on 6.9.0_014

Comment 18 errata-xmlrpc 2021-04-21 13:10:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1313

Note You need to log in before you can comment on or make changes to this bug.