Bug #18034
closedLifecycle environments not displayed correctly with restricted permissions
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1410919
Description of problem:
When using a user with restricted rights the lifecycle
environments are not correctly displayed in the web ui
Version-Release number of selected component (if applicable):
6.2.2 - 6.2.6
How reproducible:
100%
Steps to Reproduce:
1. The role assigned to the user has the following permission set
- hammer
u admin -p redhat role filters --id=22|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
---
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | ROLE | PERMISSIONS
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
167 | Katello::Product | name ~ "Test_*" || name ~ "rhel7*" | no | Limited | view_products, create_products, edit_products, destroy_products, sync_product...
168 | Katello::System | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no | Limited | view_content_hosts, edit_content_hosts
169 | Katello::ContentView | name ~ "Test_*" || name ~ "rhel7*" | no | Limited | view_content_views, create_content_views, edit_content_views, destroy_content...
170 | Host | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no | Limited | view_hosts, edit_hosts
171 | Katello::HostCollection | name ~ "Test_*_Dev" || name ~ "Test_*_QA" | no | Limited | view_host_collections, edit_host_collections
172 | JobInvocation | none | yes | Limited | create_job_invocations, view_job_invocations
173 | Katello::KTEnvironment | name ~ Dev || name ~ QA | no | Limited | view_lifecycle_environments, edit_lifecycle_environments, promote_or_remove_c...
174 | Katello::ActivationKey | name ~ ak_test | no | Limited | view_activation_keys, create_activation_keys, edit_activation_keys, destroy_a...
176 | Organization | none | yes | Limited | view_organizations, assign_organizations, view_subscriptions, attach_subscrip...
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
2. Show all the environments with hammer
- hammer
u admin -p redhat lifecycle-environment list --organization ACME|---------|--------
--
ID | NAME | PRIOR
---|---------|--------
3 | test2 | Library
2 | test | Library
5 | qa2 | test2
4 | qa1 | test
7 | QA | Library
1 | Library |
6 | Dev | Library
---|---------|--------
3. Verify the restriction with hammer
- hammer
u limited -p redhat lifecycle-environment list --organization ACME|------|--------
--
ID | NAME | PRIOR
---|------|--------
5 | qa2 | test2
4 | qa1 | test
7 | QA | Library
6 | Dev | Library
---|------|--------
4. Login to the web ui as the limited user and navigate to the lifecycle
environments page
Actual results:
The title bars for each of the lifecycle environment tables have been
suppressed but the actual counts of Content Views and Content Hosts are still
visible.
Expected results:
The lifecycle environments that the user is authorized to see are shown
and all others are suppressed.