Uploaded image for project: 'Automation Hub'
  1. Automation Hub
  2. AAH-1888

User with any namespace upload role can upload to any namespace

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Normal Normal
    • None
    • crc-2022-09-07, 2.3
    • UI
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • None

      Description

      If a user is a member of any group with the "Upload to namespace" permission via a role, that user can upload to any namespace regardless of the groups associated with that namespace and lacking any group in common with the user.

      This seems to affect both cloud and on-prem for 4.6.0

      Steps to Reproduce

      1. Create a new user and a new group it is a member of.
      2. Create a new namespace and a new group it is attached to.
      3. Create a role with the upload permission and add this role to both groups.
      4. Attempt to upload a collection to this namespace with this user, expecting it to fail.

      Actual Behavior

      The user uploads the collection successfully.

      Expected Behavior

      The user should receive an error as they are not a member of any group associated with this namespace.

        1. Screen Shot 2022-08-26 at 11.14.07-fullpage.png
          Screen Shot 2022-08-26 at 11.14.07-fullpage.png
          306 kB
        2. Screen Shot 2022-08-26 at 11.10.59-fullpage.png
          Screen Shot 2022-08-26 at 11.10.59-fullpage.png
          321 kB

              Unassigned Unassigned
              cspealma@redhat.com Clara Spealman (Inactive)
              Archiver:
              ranumula@redhat.com Raju Anumula

                Created:
                Updated:
                Resolved:
                Archived: