Feature #6321
closed
Bastion pages should enforce permissions when entering the page
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1111695
Description of problem:
In other words, you can copy/paste a URL and visit a Bastion page directly even if you don't have permissions to visit that page.
Version-Release number of selected component (if applicable):
Latest.
How reproducible:
Always.
Steps to Reproduce:
1. Create a role
2. Add a single filter to the role
3. Create a user
4. Add the role from step 1 to the user
5. Logout
6. Login as the user from step 3
7. Visit another Bastion page not governed by the permission created in step 2
8. Note you can access the page (but nothing is displayed as the REST calls result in 403s).
Actual results:
You can access the page (but nothing is displayed as the REST calls result in 403s).
Expected results:
A message that tells the user they don't have permission to view this page
Additional info:
Updated by Walden Raines over 10 years ago
- Related to Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. added
Updated by Eric Helms over 10 years ago
- Target version set to 48
- Difficulty set to easy
- Triaged set to Yes
Updated by Walden Raines over 10 years ago
- Difficulty changed from easy to medium
Updated by Walden Raines over 10 years ago
- Tracker changed from Bug to Feature
- Subject changed from Bastion pages do not enforce permissions when entering the page to Bastion pages should enforce permissions when entering the page
Updated by Walden Raines over 10 years ago
- Status changed from Assigned to Ready For Testing
Updated by The Foreman Bot over 10 years ago
- Pull request https://github.com/Katello/katello/pull/4382 added
Updated by Walden Raines over 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|461630b5b54ab25b57dd422193b4679c425a6e60.
Updated by Eric Helms over 10 years ago
- Release set to 13
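
The reported and the expected behaviour from the description above, side by side, as an added example that is not Katello's or Bastion's own code. The route paths, permission names and function names are hypothetical, and `restGet` is a stand-in for the server's permission check on REST calls.

```javascript
// Added illustration. Route paths, permission names and function names are hypothetical.
const DENIED = "You do not have permission to view this page.";

// Each page declares the permission that governs it and the REST resource it loads.
const ROUTES = {
  "/products": { permission: "view_products", resource: "/api/products" },
  "/content_views": { permission: "view_content_views", resource: "/api/content_views" },
};

// Flatten user -> roles -> filters -> permissions into one set.
function permissionsOf(user) {
  return new Set(user.roles.flatMap((role) => role.filters.flatMap((f) => f.permissions)));
}

// Stand-in for the server. It checks every REST call and stays authoritative.
function restGet(user, resource) {
  const route = Object.values(ROUTES).find((r) => r.resource === resource);
  const ok = route !== undefined && permissionsOf(user).has(route.permission);
  return ok ? { status: 200, body: [resource + " row"] } : { status: 403, body: null };
}

// Reported behaviour: the page is entered unconditionally, the REST call
// returns 403, and the user sees an empty page with no explanation.
function enterPageUnchecked(user, path) {
  const res = restGet(user, ROUTES[path].resource);
  return { entered: true, status: res.status, rows: res.body || [], message: null };
}

// Requested behaviour: check on entry, deny by default for unknown routes,
// and still turn a server-side 403 into the same message, because the
// client's copy of the permissions (clientPerms) may be stale.
function enterPageGuarded(user, path, clientPerms = permissionsOf(user)) {
  const route = ROUTES[path];
  if (!route || !clientPerms.has(route.permission)) {
    return { entered: false, status: null, rows: [], message: DENIED };
  }
  const res = restGet(user, route.resource);
  if (res.status === 403) {
    return { entered: false, status: 403, rows: [], message: DENIED };
  }
  return { entered: true, status: res.status, rows: res.body, message: null };
}

// Constructed sample: one role with a single filter, as in the reproduction steps.
const sampleUser = {
  login: "limited",
  roles: [{ name: "products-only", filters: [{ permissions: ["view_products"] }] }],
};
```

The client-side check only decides what the user is shown; the 403 from the REST layer remains the actual enforcement point.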