Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 829794 - Trying to access many top-level menu items as a user w/ no rights throws ISEs rather than permission denied.
Trying to access many top-level menu items as a user w/ no rights throws ISEs...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
6.0.0
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: Unused
Assigned To: Partha Aji
Corey Welton
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-07 10:59 EDT by Corey Welton
Modified: 2014-09-18 11:31 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Access to pages without appropriate permissions resulted in a 500 Internal Server Error message. This fix allows users without permissions to only access systems but denies other pages with 403 Permission Denied.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-24 10:22:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1543 normal SHIPPED_LIVE Important: CloudForms System Engine 1.1 update 2012-12-04 19:39:57 EST

  None (edit)
Description Corey Welton 2012-06-07 10:59:35 EDT 
Description of problem:
When a user with no rights attempts to access certain menu items (i.e., perhaps by a bookmark) that said user does not have rights to, ISEs are thrown. User should be getting permission denied messages, or at very least, it should handle the situation gracefully.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Login as admin. Copy/bookmark the URL for any of the main top-level menu items -- Content Management, Systems, Organizations, etc.
2.  Create a user, "norights" which has no associated roles.
3.  Logout and log back in with user norights.
4.  Paste in your URL or visit bookmark, to try and access some of those pages.
  
Actual results:

500 Internal Server Error

Sorry about that! It seems something went wrong. If you continue having trouble with this, please contact an Administrator.

You might want to log out and log back in again to clear your cookies.
Error:

    undefined method `allowed_organizations' for nil:NilClass



Expected results:

Situation is handled gracefully - no ISEs.

Additional info:
Comment 2 Pavel Pokorny 2012-07-18 04:17:09 EDT 
Katello 049d74c361:

As a user with no assigned roles I can access only systems. All other pages I tried (directly through URL) are 403 - Permission Denied.

So I think it is fixed. What page exactly was 500?
Comment 4 Corey Welton 2012-09-17 11:47:54 EDT 
Maybe this got fixed with the UI redesign. It no longer occurs. User no longer gets ISEs.

CloudForms System Engine Version: 1.1.12-7.el6cf
Comment 5 Mike McCune 2012-10-24 10:22:04 EDT 
closing, currentrelease since these seemingly got missed in the 1.0.1 errata
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.