Bug #6362
closed
top level menu item "Content" visible to normal user without any permission
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1112182
Description of problem:
I created a simple user in "Any context" mode and did not assign any location, org and roles. But following menus are visible to that user.
Ideally user shouldn't be allowed to have access to any of menu items without any permission. Though content menu doesn't list sub menus but Hosts menu shows "All Hosts" and user can see the created hosts.
Version-Release number of selected component (if applicable):
sat6 beta snap10 compose2
How reproducible:
always
Steps to Reproduce:
1. Login with admin user
2. create a user in "Any context" and do not assign location and org
3. logout with admin user and login with newly created user
Actual results:
User can see Content menu and Hosts --> All hosts
Expected results:
user shouldn't be allowed to have access to any of menu items without any permission
Additional info:
Updated by Dominic Cleal over 10 years ago
- Category set to Authentication
- Assignee deleted (
Dominic Cleal)
It reads to me like the issue is with the menu system not removing the top-level "Content" menu when the user has permission for nothing inside the Katello plugin.
Updated by The Foreman Bot about 10 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2078 added
Updated by Anonymous about 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 795b9287bae5ee941331e4291eec6570e8a1ce62.
Updated by Dominic Cleal about 10 years ago
- Assignee set to Stephen Benjamin
- Translation missing: en.field_release set to 30