Bug #15276: Viewer role user can manage Content Views - Foreman

Actions

Copy link

Bug #15276

closed

Viewer role user can manage Content Views

Added by Zach Huntington-Meath over 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Zach Huntington-Meath

Category:

Users, Roles and Permissions

Target version:

1.12.1

Difficulty:

Triaged:

Bugzilla link:

1341656

Pull request:

https://github.com/theforeman/foreman/pull/3570

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1341656
Description of problem:
User with Viewer role assigned can create/update/publish/promote/remove Content Views, even the existing ones!!!

Version-Release number of selected component (if applicable):
6.2.0-Snap13.1

How reproducible:
always

Steps to Reproduce:
0. Prepare some content, some CVs under admin account
1. Create a user with just Viewer role assigned
2. Login as viewer user and navigate to Content -> Content Views
3. Have a "good play" with admin content

Actual results:
predefined role grants unexpected permissions

Expected results:
predefined role grants only expected permissions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #15276

Viewer role user can manage Content Views

Updated by The Foreman Bot over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Marek Hulán over 8 years ago

Updated by Dominic Cleal over 8 years ago

Updated by Marek Hulán over 8 years ago

Updated by Zach Huntington-Meath over 8 years ago