Bug 971140 - Permission to delete content view not allowing user to actually remove them
Summary: Permission to delete content view not allowing user to actually remove them
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
(Show other bugs)
Version: Nightly
Hardware: Unspecified Unspecified
unspecified
medium vote
Target Milestone: Unspecified
Assignee: Partha Aji
QA Contact: Tazim Kolhar
URL:
Whiteboard:
Keywords: Triaged
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-05 19:18 UTC by Jeff Weiss
Modified: 2016-04-26 00:55 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-07-02 14:06:39 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Jeff Weiss 2013-06-05 19:18:29 UTC
Description of problem:


Version-Release number of selected component (if applicable):
1.4.2-1.git.552.b351354.el6

How reproducible:


Steps to Reproduce:
1. Create a role and user and a content view. 
2. Assign the user to the role, and give the role the following global permissions:

[{:resource-type "Content View Defintions",
  :verbs ["Read Content View Definitions" "Delete Content View Definitions"]}]

3. Log in as the user.  Try to delete the content view

Actual results:
There is no Remove link after the content view is selected.

Expected results:
User is able to remove the content view.

Additional info:

Comment 2 Partha Aji 2013-09-18 22:05:42 UTC
As of today Content View Definitions (CVD) and Content Views (CV) have different delete criteria

CVD can be deleted if you have Administer/Delete permissions
CV can be deleted if you have Publish permission on CVD that published the CV.

Checking with Mike if the status quo is what we want.
I am ok with saying, lets make it more uniform by saying

CV can be deleted if you have Publish/Delete permission on CVD that published the CV.

Comment 3 Mike McCune 2013-09-18 22:08:28 UTC
In my opinion we should unify the permissions such that if you can CRUD the CVDs you should also be able to CRUD the views published from them.

Comment 4 Partha Aji 2013-09-18 23:09:03 UTC
Cool. Changing the code to all CV to be deleted if you have CVD delete or publish.

Comment 5 Partha Aji 2013-09-19 21:03:28 UTC
should be fixed when https://github.com/Katello/katello/pull/3009 gets merged to master

Comment 8 Mike McCune 2013-10-17 21:00:25 UTC
Moving this to be tested during MDP3, not critical for MDP2 success story

Comment 9 Tazim Kolhar 2014-04-28 06:21:02 UTC
VERIFIED

Comment 10 Bryan Kearney 2014-07-02 14:06:39 UTC
This was delivered with 6.0.3, which is the Satellite 6 Beta.


Note You need to log in before you can comment on or make changes to this bug.