Bug 740967 - User with only "Promote Changesets in Environment" role gets 403 when accessing default Content Management tab
Summary: User with only "Promote Changesets in Environment" role gets 403 when accessi...
Keywords:
Status: CLOSED DUPLICATE of bug 737207
Alias: None
Product: Katello
Classification: Retired
Component: WebUI
Version: 1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Jason E. Rist
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-23 23:54 UTC by Corey Welton
Modified: 2011-09-28 19:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-28 19:37:22 UTC


Attachments (Terms of Use)

Description Corey Welton 2011-09-23 23:54:38 UTC
Description of problem:

For a role (or a user who only has this role) that offers only "Promote Changesets in Environment" verb, when logging in and going to the available, default "Content Management" page, a 403 is returned.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Create a user called 'changesets'
2. Create a role called 'changesets role', containing user you just create and create a role which has ONLY the verb "Promote Changesets in Environment"
3. Login with user changesets.
4. Noting the two top-level tabs available (Dashboard, Content Management), click the "Content Management" tab.
  
Actual results:
User is given a permission denied - which makes sense, because user does not have access to all content management - but it is awkward.

Expected results:
Not exactly sure, some UXD consideration is required. Should user be dropped to first available subtab for which s/he has rights?

Additional info:

Comment 1 Corey Welton 2011-09-23 23:56:07 UTC
BTW, I'm gonna go out in a limb and say this will be a problem across several of the top-level tabs where permissions are split out against subtabs.

Comment 2 Corey Welton 2011-09-24 02:16:14 UTC
It should be noted that, in a similar situation, user with only rights of Organization:Sync Products /is/ taken to the proper submenu within Content Management, when clicking the top-level tab.

Comment 3 Mike McCune 2011-09-28 19:37:22 UTC

*** This bug has been marked as a duplicate of bug 737207 ***


Note You need to log in before you can comment on or make changes to this bug.