Bug #33371
closed
Non-admin users can not list their Personal Access Tokens
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1996048
Description of problem:
Non-admin users are unable to see the Personal Access Tokens that they created.
Adding the `view_users` permission to the non-admin user fixes the issue.
However, the user should be able to list his tokens without the need of assigning the `view_users` permission that exposes the user list to the non-admin user.
Exposing the user list might not be acceptable in some customer environments.
Version-Release number of selected component (if applicable):
foreman-2.5.2.4-1.el7sat.noarch
How reproducible:
always
Steps to Reproduce:
1. create a role with Personal access token filter and unrestricted permissions: view_personal_access_tokens, create_personal_access_tokens, revoke_personal_access_tokens
2. assign a role to non-admin user
3. log out and log in as a non-admin user
4. username -> my account -> personal access tokens tab
5. create a token
6. click Submit and go back to username -> my account -> personal access tokens tab to list the tokens
Actual results:
The non-admin user is not able to list its Personal access tokens without having the `view_users` permission assigned.
Expected results:
The non-admin user is able to list its Personal access tokens without having the `view_users` permission assigned.
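
The actual and expected results above, written out as a small decision model. This is an added example, not Foreman code and not part of the original report. Permission names come from the report; the `User` struct, the function names, the users alice and bob, and the rule that reading another user's tokens still requires `view_users` are assumptions made for illustration.

```ruby
require "set"

# Permissions granted by the role in "Steps to Reproduce".
TOKEN_PERMS = %w[view_personal_access_tokens create_personal_access_tokens
                 revoke_personal_access_tokens].freeze

# Hypothetical stand-in for a user record; not Foreman's model.
User = Struct.new(:login, :admin, :permissions) do
  def can?(perm)
    admin || permissions.include?(perm)
  end
end

# "Actual results": the user's own token list needs view_users as well.
def observed_can_list_own?(actor)
  actor.can?("view_personal_access_tokens") && actor.can?("view_users")
end

# "Expected results": ownership is enough for one's own tokens.
# Assumption: another user's tokens still require view_users.
def expected_can_list?(actor, owner)
  return false unless actor.can?("view_personal_access_tokens")
  actor.login == owner.login || actor.can?("view_users")
end

# Side effect of the workaround: view_users exposes the user list.
def exposes_user_list?(actor)
  actor.can?("view_users")
end

def outcomes(actor, other)
  { observed_own: observed_can_list_own?(actor),
    expected_own: expected_can_list?(actor, actor),
    expected_other: expected_can_list?(actor, other),
    user_list_exposed: exposes_user_list?(actor) }
end

# Constructed sample users.
ALICE = User.new("alice", false, Set.new(TOKEN_PERMS))
ALICE_WORKAROUND = User.new("alice", false, Set.new(TOKEN_PERMS + ["view_users"]))
BOB = User.new("bob", false, Set.new)

if __FILE__ == $PROGRAM_NAME
  puts "role from the report: #{outcomes(ALICE, BOB)}"
  puts "with view_users:      #{outcomes(ALICE_WORKAROUND, BOB)}"
end
```

The same four outcomes make a compact regression matrix for a fix: the role from the report should list its own tokens while `user_list_exposed` stays false.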