Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 735989 - for any unauthorized action 'permission denied' msg should appear under respective tabs instead of systems tab
Summary: for any unauthorized action 'permission denied' msg should appear under respe...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Partha Aji
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
TreeView+ depends on / blocked
 
Reported: 2011-09-06 11:29 UTC by Sachin Ghai
Modified: 2019-09-26 13:20 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 17:55:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Login with user that has permission to access users/roles; Shows three tabs (13.60 KB, image/png)
2011-09-06 11:33 UTC, Sachin Ghai 		no flags Details
'permission denied' msg under systems tab; also this hides other accessible tabs (10.81 KB, image/png)
2011-09-06 11:34 UTC, Sachin Ghai 		no flags Details
View All

Description Sachin Ghai 2011-09-06 11:29:27 UTC 
Description of problem:
I created some customized roles and assigned them to a user.  But when I tried to perform some action for which I don't have necessary privileges, I got a permission denied message under systems tab. And this hides other tabs.

Here are couple of examples to reproduce.

Ex:1
=====
1. Create a role with following permissions and assign this role to a user eg newuser

Permissions for User 
- Access user
- Update user

Permissions for Roles:
- Access roles
- Update roles


2. When you login with 'newuser', you will get 3 tabs ( see attachment1 [details])
- Dashboard
- Systems
- Administration

if you click on systems tab you will get the permission denied message. and this hides the administration tab. (see attachement2)

Ideally in this case, systems tab should not appear because I didn't choose any permission related to system.


Ex2:
====

Create a role with following permissions and assign this role to a newuser:

Permission for org:
 - access organization
 - access systems

Permissions for Environment:
 - Access Changeset in Env
 - Access env contents
 - Access systems in Env

Permissions for Provider:
 - Access provider

Permissions for users:
 - Access users


Now if you click on 'Content Management' ==> 'promotions'; you will get a permission denied message under 'systems' tab.

Ideally 'permission denied' msg should be displayed under 'promotion' tab instead of systems tab and should not hide other tabs.


Version-Release number of selected component (if applicable):
katello-0.1.75-1.git.41.2e9f377.fc15.noarch

How reproducible:
always

Steps to Reproduce:

  
Actual results:


Expected results:
For all unauthorized operations 'permission denied' message should appear under respective tabs instead of systems tab and shouldn't hide other tabs

Additional info:
Comment 1 Sachin Ghai 2011-09-06 11:33:12 UTC 
Created attachment 521633 [details]
Login with user that has permission to access users/roles; Shows three tabs

Instead of three tab there should be only two tabs( Dashboard, Administration) since the user has permission to access users/roles, not systems
Comment 2 Sachin Ghai 2011-09-06 11:34:54 UTC 
Created attachment 521634 [details]
'permission denied' msg under systems tab; also this hides other accessible tabs
Comment 3 Partha Aji 2011-09-20 22:27:35 UTC 
This should be fixed with http://git.fedorahosted.org/git/?p=katello.git;a=commit;h=bcb059288221504efc36fde2d5551a66802157c9
Comment 4 Jeff Weiss 2011-09-26 15:53:49 UTC 
I am able to access the promotions page in the 2nd test.  That seems unexpected to me, since there was no permission added for that.  Partha:  comment?
Comment 5 Partha Aji 2011-09-26 16:07:55 UTC 
Permissions for promotions page is a little tricky. For starters a general guide for the rules is in https://fedorahosted.org/katello/wiki/PermissionMatrix#Promotionpages
(even though that link needs to be updated for ActivationKeys & SystemTemplates)

In general you get access to promotion page if any of these conditions are true
1) You have access rights on changesets in any environment in the current organization.
2) You have access content rights on any environment in the organization. 

So Jeff to answer your question, it depends on what you selected for the Tags. If you selected access change set/access contents for any environment in the org, you'll be able to access the promotion page. 

One the page itself, the left pane will be disabled if you don't have "access contents" on the current environment and the right pane will be disabled if you don't have "access changeset" to the "next" environment in the path.
Comment 6 Jeff Weiss 2011-09-26 16:37:07 UTC 
Ok, based on this the test is working as expected.  Verified, katello-0.1.84-1.git.26.51fa1e1.fc14.noarch
Note You need to log in before you can comment on or make changes to this bug.