Bug #35153: Katello 403 after pressing Sync button on a repository page - Katello - Foreman

Actions

Copy link

Bug #35153

closed

Katello 403 after pressing Sync button on a repository page

Added by Rossen G almost 2 years ago. Updated 7 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Samir Jha

Category:

Roles and Permissions

Target version:

Katello 4.7.0

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/Katello/katello/pull/10378, https://github.com/Katello/katello/pull/10385, https://github.com/Katello/katello/pull/10743

Fixed in Releases:

Katello 4.8.0

Found in Releases:

Katello 3.14.1, Katello 3.16.2, Katello 3.18.5, Katello 4.4.1

Red Hat JIRA:

Description

I've created a user with a role limiting permissions to only be able to manage products and repositories. Includes permission to see tasks.]

1. Inside a product, select repository, and press "Sync Now", leads to task page with the sync task
2. Inside the repository, selecting either "Sync Now" or "Advanced Sync", leads to a Katello 403 page. The sync task is still created.

The issue is in that second case. Admin users do not experience the issue.

Actions

Copy link

Updated by Lucy Fu almost 2 years ago

Target version set to Katello Backlog

Looks like an issue with permissions. Could you please provide information so we can reproduce the issue?
Thank you.

Actions

Copy link

Updated by Rossen G almost 2 years ago

What kind of information do you need?

1. Create a non admin account, create role that has all product permission, give the role to the user so that the user has the role + default.
2. Create a product and repository
3. Go on the repository settings page, and select sync from the action menu top right
4. Get katello 403 error page

Actions

Copy link