Bug 973241 - User logging in with no rights can access foreman
Summary: User logging in with no rights can access foreman
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Provisioning
Version: Nightly
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: Unspecified
Assignee: Marek Hulan
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-11 14:22 UTC by Corey Welton
Modified: 2016-09-26 14:28 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-12 22:58:11 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Corey Welton 2013-06-11 14:22:25 UTC
Description of problem:

Entering this on behalf of dcaplan.
When creating a non-admin user (or a user with no rights for that matter), user can switch to provisioning menu and access things as admin user.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  In katello, create a new user "norights"
2.  Login as "norights"
3.  switch to Provisioning (foreman) UI

Actual results:
User is granted admin rights insofar as foreman is concerned and can access the UI

Expected results:
User should not have access to foreman.

Additional info:

Comment 2 Corey Welton 2013-06-11 14:24:26 UTC
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10005-1.noarch
* foreman-compute-1.1.10005-1.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-libvirt-1.1.10005-1.noarch
* foreman-postgresql-1.1.10005-1.noarch
* foreman-proxy-1.1.10003-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-8.f5ae2cd.el6sat.noarch
* katello-1.4.2-11.el6sat.noarch
* katello-all-1.4.2-11.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-7.el6sat.noarch
* katello-cli-common-1.4.2-7.el6sat.noarch
* katello-common-1.4.2-11.el6sat.noarch
* katello-configure-1.4.3-14.el6sat.noarch
* katello-configure-foreman-1.4.3-14.el6sat.noarch
* katello-foreman-all-1.4.2-11.el6sat.noarch
* katello-glue-candlepin-1.4.2-11.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-11.el6sat.noarch
* katello-glue-pulp-1.4.2-11.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* openldap-devel-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-1.el6sat.noarch
* pulp-selinux-2.1.1-1.el6sat.noarch
* pulp-server-2.1.1-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-2.el6sat.noarch
* signo-0.0.16-1.el6sat.noarch
* signo-katello-0.0.16-1.el6sat.noarch

Comment 3 RHEL Program Management 2013-06-12 18:33:24 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 7 Marek Hulan 2013-10-15 09:13:24 UTC
I'm unable to reproduce with latest version. Could you please update the procedure or close?

Comment 9 Bryan Kearney 2014-03-12 22:58:11 UTC
Closing old bugs which are not relevant based on new UI and CLI


Note You need to log in before you can comment on or make changes to this bug.