Bug #15460
closed
On upgraded Satellite Viewer role user still can manage Content Views
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1346352
Description of problem:
On upgraded Satellite Viewer role user still can manage Content Views.
as BZ 1341656 fixed only fresh Satellite installation.
With upgrades it's a bit tricky, the above fix avoids to modify existing roles filters as they can be already modified by Satellite admin. But still I would at least remove all perms that was wrongly matched on Sat6.1 as no one (read no customer) would expect/set Viewer role to have managing perms...
Version-Release number of selected component (if applicable):
Sat6.2.0-Snap15.1
How reproducible:
always
Steps to Reproduce:
1. Upgrade satellite
2. Prepare some content, some CVs under admin account
3. Create a user with just Viewer role assigned
4. Login as viewer user and navigate to Content -> Content Views
5. Have a "good play" with admin content
Actual results:
wrongly assigned perms to Viewer role from Sat6.1 still persists on Sat6.2
Expected results:
wrongly assigned perms to Viewer role dont persist on Sat6.2
Additional info:
can be workarounded: remove all filters that dont match "^view_*" from Viewer role.
Updated by The Foreman Bot over 8 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/6137 added
Updated by Justin Sherrill over 8 years ago
- Priority changed from Normal to Urgent
- Translation missing: en.field_release set to 168
- Difficulty set to easy
Updated by Zach Huntington-Meath over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|118ea637834534dbe470dee14b868ae74567ccdf.