First Last Prev Next    This bug is not in your last search results.
Bug 970499 - any user can add a system to their group
any user can add a system to their group
Status: CLOSED CURRENTRELEASE
Product: Beaker
Classification: Community
Component: web UI (Show other bugs)
develop
Unspecified Unspecified
unspecified Severity unspecified (vote)
: 0.13
: ---
Assigned To: Dan Callaghan
Nick Coghlan
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-04 03:48 EDT by Dan Callaghan
Modified: 2018-02-05 19:41 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-25 02:27:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Dan Callaghan 2013-06-04 03:48:01 EDT 
Description of problem:
Any user can add any system to their group, even if they don't own the system.

Version-Release number of selected component (if applicable):
unreleased

Steps to Reproduce:
1. Create a new group
2. From the group edit page, add a system which you do not own

Actual results:
Permitted to add the system.

Expected results:
Should only be allowed to add systems which you own. Otherwise it is a loophole through which users can grant themselves extra access to locked-down systems.
Comment 1 Dan Callaghan 2013-06-04 08:23:23 EDT 
On Gerrit: http://gerrit.beaker-project.org/2016
Comment 4 Nick Coghlan 2013-06-06 20:50:35 EDT 
Confirmed that without admin access, I can no longer add arbitrary systems to my groups.
Comment 6 Amit Saha 2013-06-25 02:27:15 EDT 
Beaker 0.13.1 has been released.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.