Bug #15276
closed
Viewer role user can manage Content Views
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1341656
Description of problem:
User with Viewer role assigned can create/update/publish/promote/remove Content Views, even the existing ones!!!
Version-Release number of selected component (if applicable):
6.2.0-Snap13.1
How reproducible:
always
Steps to Reproduce:
0. Prepare some content, some CVs under admin account
1. Create a user with just Viewer role assigned
2. Login as viewer user and navigate to Content -> Content Views
3. Have a "good play" with admin content
Actual results:
predefined role grants unexpected permissions
Expected results:
predefined role grants only expected permissions
Updated by The Foreman Bot over 8 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3570 added
Updated by Dominic Cleal over 8 years ago
- Category set to Users, Roles and Permissions
- Assignee set to Zach Huntington-Meath
Updated by Marek Hulán over 8 years ago
- Translation missing: en.field_release set to 160
Updated by Dominic Cleal over 8 years ago
- Translation missing: en.field_release changed from 160 to 161
Going to move this earlier if that's OK Marek, it looks like a valuable bug fix.
Updated by Zach Huntington-Meath over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 44c3e9e13fe51d6925989dd917cce3a310e7b826.