Feature #6321

closed

Bastion pages should enforce permissions when entering the page

Added by Walden Raines over 10 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Web UI
Target version:
Difficulty: medium
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1111695
Description of problem:

In other words you can copy/paste a URL and visit a Bastion page directly even if you don't have permissions to visit that page.

Version-Release number of selected component (if applicable):

Latest.

How reproducible:

Always.

Steps to Reproduce:
1. Create a role
2. Add a single filter to the role
3. Create a user
4. Add the role from step 1 to the user
5. Log out
6. Log in as the user from step 3
7. Visit another Bastion page not governed by the permission created in step 2
8. Note you can access the page (but nothing is displayed as the REST calls result in 403s).

Actual results:

You can access the page (but nothing is displayed as the REST calls result in 403s).

Expected results:

A message that tells the user they don't have permission to view this page

Additional info:


Related issues 1 (0 open, 1 closed)

Related to Katello - Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. (Closed, 04/16/2014)
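
The behaviour the report asks for, sketched as an added example (not code from Katello, Bastion, or the linked pull request): a check that runs before a page is entered, plus a fallback for REST calls that return 403. All route names, permission names and function names here are hypothetical.

```javascript
// Constructed route table: each UI route declares the permission it needs.
// Route and permission names are hypothetical, not taken from Katello.
const ROUTES = {
  'products.index': { permission: 'view_products' },
  'content-views.index': { permission: 'view_content_views' },
  'dashboard': { permission: null }, // no permission required
};

const DENIED_VIEW = {
  view: 'permission-denied',
  message: "You don't have permission to view this page.",
};

// Runs before a route is entered, including when the URL is pasted directly.
// The server's 403 stays the real enforcement; this only decides what the
// user sees. Unknown routes are denied (fail closed) rather than rendered.
function guardRoute(routeName, user) {
  const route = ROUTES[routeName];
  if (!route) return { allow: false, ...DENIED_VIEW };
  if (route.permission === null) return { allow: true, view: routeName };
  const granted = new Set((user && user.permissions) || []);
  return granted.has(route.permission)
    ? { allow: true, view: routeName }
    : { allow: false, ...DENIED_VIEW };
}

// Second layer: the client's copy of the permissions can be stale, so a 403
// from a REST call must end in the same message instead of an empty page.
function handleApiResponse(status, currentView) {
  return status === 403
    ? { allow: false, ...DENIED_VIEW }
    : { allow: true, view: currentView };
}

// Constructed user mirroring steps 1-4: one role carrying a single filter.
const limitedUser = { login: 'example-user', permissions: ['view_products'] };
console.log(guardRoute('products.index', limitedUser));
console.log(guardRoute('content-views.index', limitedUser));
console.log(handleApiResponse(403, 'products.index'));
```
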
#1

Updated by Walden Raines over 10 years ago

  • Related to Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. added
#2

Updated by Eric Helms over 10 years ago

  • Target version set to 48
  • Difficulty set to easy
  • Triaged set to Yes
#3

Updated by Walden Raines over 10 years ago

  • Difficulty changed from easy to medium
#4

Updated by Walden Raines over 10 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Bastion pages do not enforce permissions when entering the page to Bastion pages should enforce permissions when entering the page
#5

Updated by Walden Raines over 10 years ago

  • Status changed from New to Assigned
#6

Updated by Walden Raines over 10 years ago

  • Status changed from Assigned to Ready For Testing
#7

Updated by Eric Helms over 10 years ago

  • Target version changed from 48 to 49
#8

Updated by The Foreman Bot over 10 years ago

  • Pull request https://github.com/Katello/katello/pull/4382 added
#9

Updated by Walden Raines over 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
#10

Updated by Eric Helms over 10 years ago

  • Translation missing: en.field_release set to 13