Project

General

Profile

Bug #13828

Updated by Ohad Levy over 4 years ago

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1192414
Description of problem:
Unprivileged user can see Administer -> Bookmarks

Version-Release number of selected component (if applicable):
Satellite-6.1.0-RHEL-6-20150210.0-Satellite-x86_64

How reproducible:
always

Steps to Reproduce:
1. Login with admin user
2. Switch to "Any context" and create user without any location, org and role
3. Logout with admin user and login with newly created user

Actual results:
The unprivileged user can access Administer -> Bookmarks. He can not get details about these bookmarks, details about these bookmarks, but see them.

Other items user can see - but I do consider them OK:
* org/loc switcher which is basically empty and without links to manage org/loc
* Monitor with only sub-item Tasks and that page is empty - this probably
makes sense as maybe it might happen the unprivileged user have some tasks
running (?)
* Red Hat Access menu (upper right corner of the page) with "Search",
"My Cases" and "Open New Case" which probably makes sense

Expected results:
IMO whole "Administer" menu should be hidden in this case.

Additional info:
Noticed while testing bug 1112182

Back