Bug 766001 - Read Only account was able to delete system
Summary: Read Only account was able to delete system
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: Unspecified
Assignee: Partha Aji
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
TreeView+ depends on / blocked
 
Reported: 2011-12-09 20:33 UTC by Eric Sammons
Modified: 2019-09-26 13:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
headpin
Last Closed: 2012-08-22 18:12:31 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Screen shot of logged in user, w/ system having been deleted (111.98 KB, image/png)
2011-12-09 20:33 UTC, Eric Sammons
no flags Details
Permission page showing Access Only on Org. (110.09 KB, image/png)
2011-12-09 20:34 UTC, Eric Sammons
no flags Details
Permission page showing Access only to environments. (111.84 KB, image/png)
2011-12-09 20:35 UTC, Eric Sammons
no flags Details
with access only permissions, no 'remove system' option is available on UI. (50.99 KB, image/png)
2012-01-17 09:21 UTC, Sachin Ghai
no flags Details

Description Eric Sammons 2011-12-09 20:33:36 UTC
Created attachment 544687 [details]
Screen shot of logged in user, w/ system having been deleted

Description of problem:
Logged in as a user with Access only permissions, was able to delete a system.

Comment 1 Eric Sammons 2011-12-09 20:34:29 UTC
Created attachment 544689 [details]
Permission page showing Access Only on Org.

Comment 2 Eric Sammons 2011-12-09 20:35:29 UTC
Created attachment 544691 [details]
Permission page showing Access only to environments.

Comment 3 Partha Aji 2012-01-11 23:26:40 UTC
Hmm. Can't seem to reproduce this. Check again and fail it if it still occurs.

Comment 4 Sachin Ghai 2012-01-17 09:17:39 UTC
Verified this with following katello build:

[root@dhcp201-176 ~]# rpm -qa | grep -ie katello-0 -ie pulp-0
katello-0.1.178-1.el6.noarch
katello-glue-pulp-0.1.178-1.el6.noarch
pulp-0.0.257-1.el6.noarch
[root@dhcp201-176 ~]# 


This defect is not reproducible.

I created a user 'test' and assign access only permissions for org and env. 

However when I tried to remove a system, no such option was available on UI. Please see the attachment in next comment.

Comment 5 Sachin Ghai 2012-01-17 09:21:09 UTC
Created attachment 555712 [details]
with access only permissions, no 'remove system' option is available on UI.


Note You need to log in before you can comment on or make changes to this bug.