Description of problem: One can delete jobs not owned by itself, via webui or command line. It's odd that you have not permission to cancel someone's jobs, but you can delete them. One user's misoperation may involve others, and admin seems not able to recover deleted jobs. (maybe another ticket should be filed?) Version-Release number of selected component (if applicable): 0.11.3 Steps to Reproduce: $ bkr job-delete J:xxxxxx Actual results: User can delete anyone's jobs. Expected results: User can only delete own jobs. Additional info:
on gerrit: http://gerrit.beaker-project.org/1787
Verified: XML-RPC fault: <class 'bkr.common.bexceptions.BeakerException'>:"You don't have permission to delete job J:113"
Beaker 0.12 has been released.