Bug #6362

top level menu item "Content" visible to normal user without any permission

Added by Dominic Cleal about 5 years ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Category: Authentication
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1112182
Description of problem:
I created a simple user in "Any context" mode and did not assign any location, org and roles. But the following menus are visible to that user.

Ideally, a user shouldn't be allowed to have access to any menu items without any permission. Though the Content menu doesn't list submenus, the Hosts menu shows "All Hosts" and the user can see the created hosts.

Version-Release number of selected component (if applicable):
sat6 beta snap10 compose2

How reproducible:
always

Steps to Reproduce:
1. Log in with admin user
2. Create a user in "Any context" and do not assign location and org
3. Log out with admin user and log in with newly created user

Actual results:
User can see Content menu and Hosts --> All hosts

Expected results:
User shouldn't be allowed to have access to any menu items without any permission

Additional info:

Associated revisions

Revision 795b9287 (diff)
Added by Stephen Benjamin over 4 years ago

fixes #6362 - correct menu dividers if user isn't auth for some actions

Revision 600cc8c9 (diff)
Added by Stephen Benjamin over 4 years ago

fixes #6362 - correct menu dividers if user isn't auth for some actions

(cherry picked from commit 795b9287bae5ee941331e4291eec6570e8a1ce62)

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category set to Authentication
  • Assignee deleted (Dominic Cleal)

It reads to me like the issue is with the menu system not removing the top-level "Content" menu when the user has permission for nothing inside the Katello plugin.

#2 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2078 added

#3 Updated by Anonymous over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Dominic Cleal over 4 years ago

  • Assignee set to Stephen Benjamin
  • Legacy Backlogs Release (now unused) set to 30
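
The behaviour that comment #1 and the fix's commit message describe (drop a top-level menu when the user may see nothing inside it, and clean up the dividers left behind), sketched as an added Ruby example. It is not Foreman's or Katello's code; the class names, helper names and permission symbols are hypothetical.

```ruby
# Added illustration; not Foreman's menu code. All names here are hypothetical.
Item    = Struct.new(:caption, :permission)   # a link guarded by one permission
Divider = Class.new                            # visual separator between groups
Menu    = Struct.new(:caption, :children)     # top-level menu or sub menu
# Return the entries the user may see. Default deny: an item without a matching
# permission is dropped, and a menu left with no visible items is dropped too.
def visible_entries(entries, permissions)
  kept = entries.filter_map do |entry|
    case entry
    when Divider then entry
    when Item    then entry if permissions.include?(entry.permission)
    when Menu
      children = visible_entries(entry.children, permissions)
      Menu.new(entry.caption, children) unless children.empty?
    end
  end
  tidy_dividers(kept)
end

# Drop leading, trailing and repeated dividers left behind by the filtering.
def tidy_dividers(entries)
  tidy = entries.each_with_object([]) do |entry, out|
    next if entry.is_a?(Divider) && (out.empty? || out.last.is_a?(Divider))
    out << entry
  end
  tidy.pop while tidy.last.is_a?(Divider)
  tidy
end

# Flatten the result to captions for display, with "---" for a divider.
def captions(entries)
  entries.map do |e|
    case e
    when Divider then "---"
    when Menu    then { e.caption => captions(e.children) }
    else e.caption
    end
  end
end

# Constructed sample menu: captions follow the report, permissions are invented.
MENU = [
  Menu.new("Hosts", [Item.new("All Hosts", :view_hosts), Divider.new,
                     Item.new("New Host", :create_hosts)]),
  Menu.new("Content", [Item.new("Products", :view_products), Divider.new,
                       Item.new("Sync Status", :sync_products)])
].freeze

p captions(visible_entries(MENU, []))   # user with no permissions at all
```

Filtering the menu only controls what is rendered; the action behind each entry still has to check the same permission on the server, which is the separate half of the report (the user could list hosts).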
