Bug #1632
Unable to strip foreman down to nothing but a report viewer
| Status: | New | Start: | 05/18/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | Authorization | |||
| Target version: | - | |||
| Backlog: | No | Difficulity: | ||
| Votes: | 0 |
Description
Installed version: debian squeeze package 0.4.2-1
Steps to reproduce:
1. Create a role named 'guest'
2. Uncheck all permissions (uncheck/check all buttons do not work though) but leave only report ACLs enabled
- view_reports
- delete_reports
3. Create a user named 'guest' and assign to 'guest' role
4. Login as guest
This user still has access to 'hosts' and 'more' (although no submenus are available in the 'more' section).
There seems to be a strange relationship between the Anonymous role and other roles though. Disabling the 'hosts' related ACLs in the Anonymous role results in a permissions related error. It appears that the login redirection takes the logged in user straight to the 'hosts' area of the site.
What I'd really love is to be able to get the Anonymous role working so that only reports are available. This way, logins wouldn't be required at all just to view this subset of functionality.
Thanks
