Bug 735989 - for any unauthorized action 'permission denied' msg should appear under respective tabs instead of systems tab
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: Unspecified
Assignee: Partha Aji
QA Contact: Katello QA List
Blocks: katello-blockers
Reported: 2011-09-06 11:29 UTC by Sachin Ghai
Modified: 2013-03-27 20:57 UTC

Doc Type: Bug Fix
Last Closed: 2012-08-22 17:55:31 UTC


Attachments
Login with user that has permission to access users/roles; Shows three tabs (13.60 KB, image/png)
2011-09-06 11:33 UTC, Sachin Ghai
'permission denied' msg under systems tab; also this hides other accessible tabs (10.81 KB, image/png)
2011-09-06 11:34 UTC, Sachin Ghai

Description Sachin Ghai 2011-09-06 11:29:27 UTC
Description of problem:
I created some customized roles and assigned them to a user. But when I tried to perform some action for which I don't have the necessary privileges, I got a permission denied message under the systems tab. And this hides other tabs.

Here are a couple of examples to reproduce.

Ex:1
=====
1. Create a role with the following permissions and assign this role to a user, e.g. newuser

Permissions for User 
- Access user
- Update user

Permissions for Roles:
- Access roles
- Update roles


2. When you log in with 'newuser', you will get 3 tabs (see attachment 1)
- Dashboard
- Systems
- Administration

If you click on the systems tab you will get the permission denied message, and this hides the administration tab (see attachment 2).

Ideally in this case, the systems tab should not appear because I didn't choose any permission related to systems.


Ex2:
====

Create a role with the following permissions and assign this role to newuser:

Permission for org:
 - access organization
 - access systems

Permissions for Environment:
 - Access Changeset in Env
 - Access env contents
 - Access systems in Env

Permissions for Provider:
 - Access provider

Permissions for users:
 - Access users


Now if you click on 'Content Management' ==> 'promotions'; you will get a permission denied message under 'systems' tab.

Ideally 'permission denied' msg should be displayed under 'promotion' tab instead of systems tab and should not hide other tabs.


Version-Release number of selected component (if applicable):
katello-0.1.75-1.git.41.2e9f377.fc15.noarch

How reproducible:
always

Steps to Reproduce:

  
Actual results:


Expected results:
For all unauthorized operations 'permission denied' message should appear under respective tabs instead of systems tab and shouldn't hide other tabs

Additional info:

Comment 1 Sachin Ghai 2011-09-06 11:33:12 UTC
Created attachment 521633
Login with user that has permission to access users/roles; Shows three tabs

Instead of three tabs there should be only two tabs (Dashboard, Administration), since the user has permission to access users/roles, not systems.

Comment 2 Sachin Ghai 2011-09-06 11:34:54 UTC
Created attachment 521634
'permission denied' msg under systems tab; also this hides other accessible tabs

Comment 4 Jeff Weiss 2011-09-26 15:53:49 UTC
I am able to access the promotions page in the 2nd test.  That seems unexpected to me, since there was no permission added for that.  Partha:  comment?

Comment 5 Partha Aji 2011-09-26 16:07:55 UTC
Permissions for the promotions page are a little tricky. For starters, a general guide for the rules is at https://fedorahosted.org/katello/wiki/PermissionMatrix#Promotionpages
(even though that link needs to be updated for ActivationKeys & SystemTemplates)

In general you get access to the promotion page if any of these conditions are true:
1) You have access rights on changesets in any environment in the current organization.
2) You have access content rights on any environment in the organization. 

So Jeff, to answer your question, it depends on what you selected for the Tags. If you selected access changeset/access contents for any environment in the org, you'll be able to access the promotion page.

On the page itself, the left pane will be disabled if you don't have "access contents" on the current environment and the right pane will be disabled if you don't have "access changeset" to the "next" environment in the path.
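
The access rules described in comment 5, modelled as an added Ruby example (not Katello's code and not part of the original thread). The class, method, verb and environment names are hypothetical, and denying both panes when the page itself is denied is an assumption.

```ruby
# Added illustration, not Katello source. All names are hypothetical.
require "set"

Grant = Struct.new(:verb, :environment)

class PromotionPolicy
  PAGE_VERBS = %i[access_changesets access_contents].freeze

  # path: ordered environment names of the current organization (constructed).
  # Grants on environments outside the path (other orgs, user/role scopes)
  # are ignored, so they can never open the page.
  def initialize(grants, path)
    @path = path
    @grants = grants.select { |g| path.include?(g.environment) }
                    .map { |g| [g.verb, g.environment] }.to_set
  end

  # Rule 1 or rule 2: either verb on ANY environment in the organization.
  def page_accessible?
    @grants.any? { |verb, _env| PAGE_VERBS.include?(verb) }
  end

  # Left pane: "access contents" on the current environment.
  def left_pane_enabled?(current)
    @grants.include?([:access_contents, current])
  end

  # Right pane: "access changeset" on the next environment in the path.
  def right_pane_enabled?(current)
    idx = @path.index(current)
    nxt = idx && @path[idx + 1]
    !nxt.nil? && @grants.include?([:access_changesets, nxt])
  end

  # Assumption: if the page is denied, both panes are denied as well.
  def decide(current)
    return { page: false, left: false, right: false } unless page_accessible?
    { page: true, left: left_pane_enabled?(current), right: right_pane_enabled?(current) }
  end
end

# Constructed sample: contents on "dev", changesets on "prod".
PATH = %w[dev test prod].freeze
user = PromotionPolicy.new([Grant.new(:access_contents, "dev"),
                            Grant.new(:access_changesets, "prod")], PATH)
PATH.each { |env| puts "#{env}: #{user.decide(env)}" }
```

A user holding only user/role permissions, as in Ex 1 of the report, gets `page: false` from this model, which is the case where the UI should show the denial under the tab that was requested.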

Comment 6 Jeff Weiss 2011-09-26 16:37:07 UTC
Ok, based on this the test is working as expected.  Verified, katello-0.1.84-1.git.26.51fa1e1.fc14.noarch

