Bug 739912 - Permissions not enforced for Hardware Profiles
Summary: Permissions not enforced for Hardware Profiles
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-conductor
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
Assignee: Jan Provaznik
QA Contact: wes hayutin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-20 12:14 UTC by Aziza Karol
Modified: 2012-05-15 21:55 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-15 21:55:50 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2012:0583 0 normal SHIPPED_LIVE new packages: aeolus-conductor 2012-05-15 22:31:59 UTC

Description Aziza Karol 2011-09-20 12:14:21 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Login as admin and create a non-admin user.
2. add hardware profile.
3.login as non-admin user and verify if non-admin user is able to view/edit or delete hardware profile

Currently non admin user is able to view hardware profiles.



Expected results:
Non-admin user should not be able to view/edit/delete hardware profile

Additional info:
[root@kvm-guest-06 nodes]# rpm -qa | grep aeolus
aeolus-conductor-0.4.0-0.20110919181505git369190d.fc15.noarch
aeolus-conductor-daemons-0.4.0-0.20110919181505git369190d.fc15.noarch
aeolus-conductor-doc-0.4.0-0.20110919181505git369190d.fc15.noarch
rubygem-aeolus-image-0.1.0-3.20110919115936gitd1d24b4.fc15.noarch
aeolus-configure-2.0.2-4.20110916125556git5a94390.fc15.noarch
aeolus-all-0.4.0-0.20110919181505git369190d.fc15.noarch
Comment 1 Jan Provaznik 2011-09-26 14:49:51 UTC 
fixed in commit 9428d6e73858ae20154057319e9371b5c0ce8416
Comment 2 wes hayutin 2011-09-28 16:39:08 UTC 
making sure all the bugs are at the right version for future queries
Comment 4 Aziza Karol 2011-10-05 08:32:29 UTC 
Permissions are now enforced for Hardware Profiles.
Non-admin user is not able to view/edit or delete hardware profile.


verified on:
[root@kvm-guest-03 templates]# rpm -qa | grep aeolus
rubygem-aeolus-image-0.1.0-3.20111003170706git8f23238.fc15.noarch
aeolus-conductor-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-all-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-configure-2.0.2-4.20111004160858gitaf7e59a.fc15.noarch
aeolus-conductor-doc-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
aeolus-conductor-daemons-0.4.0-0.20111004192348git2cf5ee6.fc15.noarch
rubygem-aeolus-cli-0.1.0-3.20111003133323git9451323.fc15.noarch
Comment 6 errata-xmlrpc 2012-05-15 21:55:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-0583.html
Note You need to log in before you can comment on or make changes to this bug.