Project

General

Profile

Bug #30387

User can view bookmarks without assigning view_bookmarks permission in a role

Added by Shira Maximov over 1 year ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1805740

Description of problem:
Non-admin user is able to view bookmarks without having view_bookmarks permissions.

Version-Release number of selected component (if applicable): Satellite 6.7

How reproducible: Always

Steps to Reproduce:
1. Create a user without any permission
2. Login to the satellite using the same user
3. Navigate to Administer -> Bookmarks.
4. User is able to view all bookmarks

Expected results: User should not able to view bookmarks without view_bookmarks permission


Related issues

Related to Foreman Remote Execution - Bug #32873: Do not check bookmark permissionsClosed

Associated revisions

Revision 81512f75 (diff)
Added by Tomer Brisker 4 months ago

Fixes #30387 - Remove `view_bookmarks` permission

Users should always be able to see public bookmarks and their own
bookmarks, a permission is not needed for this case.

History

#1 Updated by Aditi Puntambekar over 1 year ago

  • Assignee set to Aditi Puntambekar

#2 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7822 added

#3 Updated by Tomer Brisker 7 months ago

Solution should be dropping view_bookmarks permission and allowing all users to view their own and global bookmarks

#4 Updated by Tomer Brisker 7 months ago

  • Category set to Users, Roles and Permissions

#5 Updated by Tomer Brisker 6 months ago

  • Assignee changed from Aditi Puntambekar to Tomer Brisker
  • Status changed from Ready For Testing to Assigned
  • Pull request deleted (https://github.com/theforeman/foreman/pull/7822)

#6 Updated by The Foreman Bot 6 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8486 added

#7 Updated by The Foreman Bot 4 months ago

  • Fixed in Releases 3.0.0 added

#8 Updated by Tomer Brisker 4 months ago

  • Status changed from Ready For Testing to Closed

#9 Updated by Adam Ruzicka 4 months ago

  • Related to Bug #32873: Do not check bookmark permissions added

Also available in: Atom PDF