Bug #25105

Updated by Michael Johnson over 5 years ago

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1630889  

 When a user with the Viewer role accesses the Content -> Subscriptions page, the browser requests $HOST/api/v2/settings/content_disconnected. This endpoint returns a 403 error without explaining which permission is missing: 

 { 
   "error": {"message":"Access denied","details":"Missing one of the required permissions: "} 
 } 

 Version-Release number of selected component (if applicable): 
 katello-3.7.0-7 
 tfm-rubygem-katello-3.7.0.28-1 


 *Steps to Reproduce:* 
 1. Create a new user with the role "Viewer" (or any other role that has "view_subscriptions" in the Subscription resource and "view_organizations" in the Organization resource). Make sure it can access an organization with a manifest 
 2. Log in as that user 
 3. Open Content -> Subscriptions 
 4. In the web browser's development tools, find the request sent to $HOST/api/v2/settings/content_disconnected and read the response 

 *Expected results:* 
 The response contains information about the permission that is required for the endpoint to return data.
