Bug #20006

User permissions for "Organization Selection"

Added by Josh Pavel over 2 years ago. Updated over 1 year ago.

Status: New
Priority: Normal
Assignee: -
Category: Security
Target version:
Difficulty: easy
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

1.) Create a user account with rights to a specific org
2.) By default, user will login to "Any Org/Any Location"
3.) Try to access Katello resources (Content hosts, Products, Lifecycle, Activation Keys, etc.)
4.) Instead of the "Select an organization" page, user gets set to "/katello/403"

Workaround:
Users can first select their approved organization from the top left drop down (requires education)
- alternatively -
Pin the users to their org upon login (doesn't work for LDAP IDs, which aren't "realized" until the user logs in the first time)

Expected behavior:
All users should have rights to the "select an organization" page; or better, if a user only has rights to a single org, they shouldn't have visibility to other orgs or the ability to pick another org.

History

#1 Updated by Justin Sherrill over 2 years ago

  • Legacy Backlogs Release (now unused) set to 114
  • Difficulty set to easy
