Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 87412 - Permissions don't seem to work in Workflow Details
Summary: Permissions don't seem to work in Workflow Details
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Enterprise CMS
Classification: Retired
Component: other
Version: nightly
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Justin Ross
QA Contact: Jon Orris
URL:
Whiteboard:
Depends On:
Blocks: rc0blockers
TreeView+ depends on / blocked
 
Reported: 2003-03-26 19:02 UTC by Jon Orris
Modified: 2007-04-18 16:52 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-07-09 20:43:28 UTC


Attachments (Terms of Use)

Description Jon Orris 2003-03-26 19:02:27 UTC
In the workflow details page, there seem to be no permission checks. For
example, a user with Author role can finish all tasks, and publish an item.

Comment 1 Justin Ross 2003-06-24 21:15:55 UTC
Fixed in perforce 32809.  Also, as of this change, all the tabs of the section
UI, with the exception of the roles tab, have been audited for visibility and
form submission security checks.

Comment 2 Jon Orris 2003-06-30 17:12:13 UTC
Still no permissions @33049/Oracle.
Log in as a user in Authoring role.
Can finish authoring task (of course).
Can then finish the Approval & Deployment tasks & publish the article.

Comment 3 Justin Ross 2003-07-07 20:38:11 UTC
Perforce 33333 (what a pleasing change number) prevents users without the
SCHEDULE_PUBLICATION privilege from submitting the apply lifecycle form.  More
work on this ticket to come.

Comment 4 Justin Ross 2003-07-09 06:02:14 UTC
Fixed with perforce changes 33368 and 33377.


Note You need to log in before you can comment on or make changes to this bug.