Create permissions do not check filter limits
|Assigned To:||Marek Hulán|
|Target version:||Team Marek Iteration 18|
|Found in release:||Pull request:||https://github.com/theforeman/foreman/pull/4030, https://github.com/theforeman/foreman/pull/4705|
|Velocity based estimate||-|
Description of problem:
The user is able to create resource in taxonomies which were not added/associated to resource filter of role.
Also the search condition is ignored on creation.
Version-Release number of selected component (if applicable):
Foreman 1.5+ (including 1.14-dev) / Satellite 6.3 snap 3.0
Steps to Reproduce:
1. Create role with Organization A and Location A taxonomies.
2. Create a filter for resource type for which taxonomies can be applied and without overriding it.
e.g Domain Filter
3. Create a new user with different taxonomies than above role. Suppose Organization B and Location B.
4. Assign the role to user.
5. Login with new user.
6. Attempt to create a domain(or any resource type filter added in role) in user taxonomies(which are not the same as filter taxonomies).
Similarly in step 3, search condition can be specified, e.g. name ~ a
1. Create permission is not honoring the resourse filter limits.
2. The resource is created in the user associated taxonomies which are not permitted by resource filter.
Similarly the resource is created if name ~ a condition was specified in filter and name "b" was used.
1.Create permissions should check filter limits.
2. The resource should not be created by user in taxonomies to which filter doesn't gives permission.
3. Some informative message should be displayed for unable to create resource due to no permissions from resource filter end.