Bug 971140 - Permission to delete content view not allowing user to actually remove them
Permission to delete content view not allowing user to actually remove them
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: Partha Aji
Tazim Kolhar
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-05 15:18 EDT by Jeff Weiss
Modified: 2016-04-25 20:55 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-07-02 10:06:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jeff Weiss 2013-06-05 15:18:29 EDT
Description of problem:


Version-Release number of selected component (if applicable):
1.4.2-1.git.552.b351354.el6

How reproducible:


Steps to Reproduce:
1. Create a role and user and a content view. 
2. Assign the user to the role, and give the role the following global permissions:

[{:resource-type "Content View Defintions",
  :verbs ["Read Content View Definitions" "Delete Content View Definitions"]}]

3. Log in as the user.  Try to delete the content view

Actual results:
There is no Remove link after the content view is selected.

Expected results:
User is able to remove the content view.

Additional info:
Comment 2 Partha Aji 2013-09-18 18:05:42 EDT
As of today Content View Definitions (CVD) and Content Views (CV) have different delete criteria

CVD can be deleted if you have Administer/Delete permissions
CV can be deleted if you have Publish permission on CVD that published the CV.

Checking with Mike if the status quo is what we want.
I am ok with saying, lets make it more uniform by saying

CV can be deleted if you have Publish/Delete permission on CVD that published the CV.
Comment 3 Mike McCune 2013-09-18 18:08:28 EDT
In my opinion we should unify the permissions such that if you can CRUD the CVDs you should also be able to CRUD the views published from them.
Comment 4 Partha Aji 2013-09-18 19:09:03 EDT
Cool. Changing the code to all CV to be deleted if you have CVD delete or publish.
Comment 5 Partha Aji 2013-09-19 17:03:28 EDT
should be fixed when https://github.com/Katello/katello/pull/3009 gets merged to master
Comment 8 Mike McCune 2013-10-17 17:00:25 EDT
Moving this to be tested during MDP3, not critical for MDP2 success story
Comment 9 Tazim Kolhar 2014-04-28 02:21:02 EDT
VERIFIED
Comment 10 Bryan Kearney 2014-07-02 10:06:39 EDT
This was delivered with 6.0.3, which is the Satellite 6 Beta.

Note You need to log in before you can comment on or make changes to this bug.