Bug #38727
Closed
Autocomplete feature for search shows content that should be forbidden by RBAC
Description
1. Create a domain called foo
2. Create a domain called bar
3. Create a role
4. Add view_domains permission to it, limit it by search to name ~ f*
5. Create a user
6. Give the role to the user
7. Log in as user
8. Go to Infrastructure > Domains
9. Put name = into the search bar
Expected results:
Autocomplete offers only domain foo.
Actual results:
Autocomplete offers both bar and foo domains.
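The reproduction above, modelled as an added Ruby example (not Foreman's code and not part of the original report): the list view applies the role's filter while the suggestion query does not, and a small check reports which suggestions fall outside the authorized set. The class and method names are hypothetical, and the search limit `name ~ f*` is modelled as a simple glob on the name, which is an assumption.

```ruby
# Added illustration; not Foreman code. All names here are hypothetical.
Domain = Struct.new(:name)
# pattern models the filter's search limit "name ~ f*" as a glob (assumption)
Filter = Struct.new(:permission, :pattern)

class Role
  def initialize(filters)
    @filters = filters
  end

  # Records this role may see under `permission`; no matching filter means none.
  def authorized(permission, records)
    patterns = @filters.select { |f| f.permission == permission }.map(&:pattern)
    records.select { |r| patterns.any? { |p| File.fnmatch(p, r.name) } }
  end
end

# Constructed sample data matching steps 1-4 of the report.
ALL_DOMAINS = [Domain.new('foo'), Domain.new('bar')].freeze
ROLE = Role.new([Filter.new(:view_domains, 'f*')]).freeze

# What the list page shows: only authorized records.
def list_view(role, permission, records)
  role.authorized(permission, records).map(&:name).sort
end

# Flawed pattern: value suggestions are drawn from every record.
def autocomplete_unscoped(records, prefix)
  records.map(&:name).select { |n| n.start_with?(prefix) }.sort
end

# Corrected pattern: suggestions come from the same authorized set as the list.
def autocomplete_scoped(role, permission, records, prefix)
  autocomplete_unscoped(role.authorized(permission, records), prefix)
end

# Regression check: suggested names the role is not allowed to see.
def leaked_suggestions(role, permission, records, suggestions)
  suggestions - list_view(role, permission, records)
end
```

A test suite can assert that `leaked_suggestions` is empty for every searchable resource and every restricted role.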
Updated by Adam Ruzicka 4 months ago
- Related to Bug #37531: Autocomplete feature for search shows content from forbidden organization for user added
Updated by Adam Ruzicka 4 months ago
This issue talks about things which should be explicitly allowed (or forbidden) by RBAC, while 37531 talks about taxonomy scoping.
Updated by The Foreman Bot 4 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/10645 added
Updated by Adam Ruzicka 4 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|4d0a073ce89cf2e1fd8cb4db3099999257c915f1.
Updated by Adam Ruzicka 4 months ago
- Related to Bug #38656: Autocomplete feature for search shows content from forbidden organization for user added