Bug #16884

Create permissions do not check filter limits

Added by Marek Hulán 8 months ago. Updated 10 days ago.

Status: Ready For Testing
Priority: Normal
Assigned To: Marek Hulán
Category: Authorization
Target version: Team Marek backlog
Difficulty:
Bugzilla link: 1384035
Found in release:
Pull request: https://github.com/theforeman/foreman/pull/4030
Story points: -
Velocity based estimate: -

Description

Description of problem:
The user is able to create a resource in taxonomies which were not added/associated to the resource filter of the role.
Also, the search condition is ignored on creation.

Version-Release number of selected component (if applicable):
Foreman 1.5+ (including 1.14-dev) / Satellite 6.3 snap 3.0

How reproducible:
Always

Steps to Reproduce:
1. Create a role with Organization A and Location A taxonomies.
2. Create a filter for a resource type to which taxonomies can be applied, without overriding it,
e.g. Domain Filter.
3. Create a new user with different taxonomies than the above role. Suppose Organization B and Location B.
4. Assign the role to the user.
5. Log in as the new user.
6. Attempt to create a domain (or any resource type whose filter was added to the role) in the user's taxonomies (which are not the same as the filter taxonomies).

Similarly, in step 3, a search condition can be specified, e.g. name ~ a

Actual results:
1. The create permission does not honor the resource filter limits.
2. The resource is created in the user's associated taxonomies, which are not permitted by the resource filter.

Similarly, the resource is created if a name ~ a condition was specified in the filter and the name "b" was used.

Expected results:
1. Create permissions should check filter limits.
2. The resource should not be created by the user in taxonomies to which the filter doesn't give permission.
3. An informative message should be displayed when the resource cannot be created because the resource filter grants no permission.
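
The gap between the actual and expected results can be seen in a small model, added here as an illustration; it is not code from Foreman or from the linked pull request. All class, method and constant names are hypothetical, taxonomies are attached directly to the filter for brevity, and `name ~ a` is simplified to a case-insensitive substring match.

```ruby
# Simplified model of role filters; every name here is hypothetical, not Foreman's API.
Filter = Struct.new(:permission, :org_ids, :loc_ids, :name_contains, keyword_init: true) do
  # Does this filter's scope (taxonomies + search condition) cover the record?
  # nil for a limit means "unlimited" on that dimension.
  def covers?(record)
    within?(org_ids, record[:org_ids]) &&
      within?(loc_ids, record[:loc_ids]) &&
      (name_contains.nil? || record[:name].to_s.downcase.include?(name_contains.downcase))
  end

  def within?(allowed, requested)
    return true if allowed.nil?
    # An empty request would create an unscoped record, so it is rejected too.
    !requested.empty? && (requested - allowed).empty?
  end
end

# Behaviour described in the report: only the permission name is checked on create.
def can_create_name_only?(filters, permission, _record)
  filters.any? { |f| f.permission == permission }
end

# Expected behaviour: the unsaved record must fall inside at least one filter's limits.
def can_create?(filters, permission, record)
  filters.any? { |f| f.permission == permission && f.covers?(record) }
end

# Constructed sample data mirroring the reproduction steps.
ORG_A, ORG_B, LOC_A, LOC_B = 1, 2, 10, 20
ROLE_FILTERS = [
  Filter.new(permission: :create_domains, org_ids: [ORG_A], loc_ids: [LOC_A], name_contains: "a")
].freeze

OUT_OF_SCOPE = { name: "a.example.com", org_ids: [ORG_B], loc_ids: [LOC_B] }.freeze
BAD_NAME     = { name: "b", org_ids: [ORG_A], loc_ids: [LOC_A] }.freeze
IN_SCOPE     = { name: "lab-a", org_ids: [ORG_A], loc_ids: [LOC_A] }.freeze

if __FILE__ == $PROGRAM_NAME
  [OUT_OF_SCOPE, BAD_NAME, IN_SCOPE].each do |rec|
    puts format("%-14s name-only=%-5s scoped=%s", rec[:name],
                can_create_name_only?(ROLE_FILTERS, :create_domains, rec),
                can_create?(ROLE_FILTERS, :create_domains, rec))
  end
end
```

Because the record does not exist yet at create time, the scoped check has to evaluate the submitted attributes against the filter rather than look the record up through a scoped query.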


Related issues

Related to Foreman - Tracker #4552: New permissions/authorization system issues New 03/05/2014

History

#1 Updated by Marek Hulán 8 months ago

  • Subject changed from Create permissions do not check filter limits to Create permissions do not check filter limits
  • Target version set to Team Marek backlog

#2 Updated by Marek Hulán 8 months ago

  • Related to Tracker #4552: New permissions/authorization system issues added

#3 Updated by Marek Hulán 7 months ago

  • Target version changed from Team Marek backlog to Team Marek Iteration 5

#4 Updated by Marek Hulán 7 months ago

  • Status changed from New to Assigned
  • Assigned To set to Marek Hulán

#5 Updated by Marek Hulán 7 months ago

  • Target version changed from Team Marek Iteration 5 to Team Marek Iteration 6

#6 Updated by The Foreman Bot 6 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4030 added

#7 Updated by Marek Hulán 6 months ago

  • Target version changed from Team Marek Iteration 6 to Team Marek Iteration 7

#8 Updated by Marek Hulán 5 months ago

  • Target version changed from Team Marek Iteration 7 to Team Marek Iteration 8

#9 Updated by Marek Hulán 5 months ago

  • Target version changed from Team Marek Iteration 8 to Team Marek Iteration 9

#10 Updated by Marek Hulán 4 months ago

  • Target version changed from Team Marek Iteration 9 to Team Marek Iteration 10

#11 Updated by Marek Hulán 3 months ago

  • Target version changed from Team Marek Iteration 10 to Team Marek Iteration 11

#12 Updated by Marek Hulán 2 months ago

  • Target version changed from Team Marek Iteration 11 to Team Marek Iteration 12

#13 Updated by Marek Hulán about 1 month ago

  • Target version changed from Team Marek Iteration 12 to Team Marek Iteration 13

#14 Updated by Marek Hulán 15 days ago

  • Target version changed from Team Marek Iteration 13 to Team Marek Iteration 14

#15 Updated by Marek Hulán 10 days ago

  • Target version changed from Team Marek Iteration 14 to Team Marek Iteration 15

#16 Updated by Marek Hulán 10 days ago

  • Target version changed from Team Marek Iteration 15 to Team Marek backlog
