Project

General

Custom queries

Profile

Actions
Copy link

Bug #15276

closed

Viewer role user can manage Content Views

Added by Zach Huntington-Meath almost 9 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Zach Huntington-Meath
Category:
Users, Roles and Permissions
Target version:
1.12.1
Difficulty:
Triaged:
Bugzilla link:
1341656
Pull request:
https://github.com/theforeman/foreman/pull/3570
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1341656
Description of problem:
User with Viewer role assigned can create/update/publish/promote/remove Content Views, even the existing ones!!!

Version-Release number of selected component (if applicable):
6.2.0-Snap13.1

How reproducible:
always

Steps to Reproduce:
0. Prepare some content, some CVs under admin account
1. Create a user with just Viewer role assigned
2. Login as viewer user and navigate to Content -> Content Views
3. Have a "good play" with admin content

Actual results:
predefined role grants unexpected permissions

Expected results:
predefined role grants only expected permissions

#1

Updated by The Foreman Bot almost 9 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3570 added
#2

Updated by Dominic Cleal almost 9 years ago

  • Category set to Users, Roles and Permissions
  • Assignee set to Zach Huntington-Meath
#3

Updated by Marek Hulán almost 9 years ago

  • Translation missing: en.field_release set to 160
#4

Updated by Dominic Cleal almost 9 years ago

  • Translation missing: en.field_release changed from 160 to 161
#6

Updated by Zach Huntington-Meath almost 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF