If the user visits a page/performs an operation for which he/she is not authorized, a permission denied notice needs to be sent.
For Ajax calls
I verified this with the following katello version:
I created a user and assigned a newly created role. That role includes the following permissions.
Permission for org:
Permissions for Environment:
Access Changeset in Env
Access env contents
Access systems in Env
Permissions for Provider:
Permissions for users:
When I log in with the newly created user, which has all the above permissions, and click on the sync mgmt tab under content management, the UI throws the following error:
>> We're sorry, but something went wrong.
>> We've been notified about this issue and we'll take a look at it shortly.
Since I've not assigned the sync-related permissions, ideally a permission denied message should pop up.
So you should not be getting the "500" when you hit the sync management page. I suspect it's related to the fact that pulp is not set up to work on multi-user oauth with katello yet. That work is still incomplete AFAIK.
Can you paste the stack trace in katello/production.log when you get this error?
I re-verified this defect with new builds:
[root@dhcp201-187 ~]# rpm -qa | grep katello
Now, I can traverse the sync management tab. And this time the UI doesn't throw any error like I stated in comment3.
I can traverse the "sync management tab".
So my question is:
Is it expected behaviour? Ideally the UI should raise the permission denied message because the user with which I log in doesn't have sync-related permissions.
I used the same permissions as stated in comment3.
Log from katello/production.log is:
Started GET "/katello//sync_management/index" for 10.65.193.48 at Mon Oct 03 11:10:22 +0530 2011
Processing by SyncManagementController#index as HTML
Rendered sync_management/_products.html.haml (2.4ms)
Rendered layouts/_ajax_notices.haml (2.3ms)
Rendered layouts/_notification.haml (0.1ms)
Rendered layouts/_org.haml (0.7ms)
Rendered layouts/_header.haml (4.8ms)
Rendered layouts/_footer.haml (0.6ms)
Rendered common/_common_i18n.html.haml (0.2ms)
Rendered sync_management/index.html.haml within layouts/katello (244.3ms)
Completed 200 OK in 265ms (Views: 212.7ms | ActiveRecord: 38.8ms)
mass move to CFSE product.
Issue in comment # 3 now should've been fixed. You should not be able to navigate to the sync management page and you should see a 403 permission denied error on the screen if you tried to add "/katello//sync_management/index" to the URL and tried to visit the page.
I had a user with system permissions. I manually pasted in the URL for promotions, and got a 403, as expected. However, I did not see any ensuing error message sent to the Notification view, as seen by either the user or the admin user.
Oh, so this bug is not referring to the actual notifications subsystem but rather just a notice (the former might be nice...)