Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 163834 - Java Security for System Profiles
Summary: Java Security for System Profiles
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/R&D
Version: RHN Devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ken Ganong
QA Contact: Mike McCune
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-21 14:35 UTC by Ken Ganong
Modified: 2007-04-18 17:29 UTC (History)
1 user (show)

Fixed In Version: RHN 4.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-01 02:35:24 UTC


Attachments (Terms of Use)

Description Ken Ganong 2005-07-21 14:35:58 UTC
Currently, the java code does not test whether a system profile is actually
viewable by the logged in user.  Go to Systems->click a
system->Packages->Profiles ->Compare to Profile.  Here, you can change the prid
in the url and access another person's profile (or at least produce a 500 error).

Comment 1 Mike McCune 2005-07-22 21:19:48 UTC
Moving to rhn400-must instead of toplevel.  Ken, this will need a test plan.

Comment 2 Ken Ganong 2005-07-25 14:46:16 UTC
Test Plan

Find an id for a system profile of a different org.  Note: System Profiles are
restricted by org, not by user because of limitations of our current data model.

Login->Go to Systems->Click a system->Packages->Profiles->Compare to Profile->
modify the url so that the prid parameter equals the system profile you found in
the first step.

Expected Results: Lookup Error Page
Failure Results: A diff between the system and profile or 500 error.

Comment 3 Mike McCune 2005-07-29 23:36:30 UTC
will qa this

Comment 4 Mike McCune 2005-07-29 23:40:50 UTC
works fine. prod_ready.


Note You need to log in before you can comment on or make changes to this bug.