Plugins » Katello

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1111695
Description of problem:

In other words you can copy/paste a URL and visit a Bastion page directly even if you don't have permissions to visit that page.

Version-Release number of selected component (if applicable):

Latest.

How reproducible:

Always.

Steps to Reproduce:
1. Create a role
2. Add a single filter to the role
3. Create a user
4. Add the role from step 1 to the user
5. Logout
6. Login as the user from step 3
7. Visit another bastion page not governed by the permission created in step 2
8. Note you can access the page (but nothing is displayed as the REST calls result in 403s).

Actual results:

You can access the page (but nothing is displayed as the REST calls result in 403s).

Expected results:

A message that tells the user they don't have permission to view this page
Additional info: