-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
3
-
False
-
Artemis Prioritized Backlog
-
sat-artemis
-
None
-
None
-
None
-
None
<pre>
- grep -Prl 'assert_protected_action([^,], [^,], [^,]+)' test
test/controllers/api/v2/content_view_filter_rules_controller_test.rb
test/controllers/api/v2/module_streams_controller_test.rb
test/controllers/api/v2/content_view_deb_filter_rules_controller_test.rb
test/controllers/api/v2/content_view_histories_controller_test.rb
test/controllers/api/v2/content_view_repositories_controller_test.rb
test/controllers/api/v2/file_units_controller_test.rb
test/controllers/api/v2/flatpak_remote_repositories_controller_test.rb
test/controllers/api/v2/host_autocomplete_controller_test.rb
test/controllers/api/v2/host_debs_controller_test.rb
test/controllers/api/v2/host_module_streams_controller_test.rb
test/controllers/api/v2/host_packages_controller_test.rb
test/controllers/api/v2/host_subscriptions_controller_test.rb
test/controllers/api/v2/hosts_bulk_actions_controller_test.rb
test/controllers/api/v2/products_controller_test.rb
test/controllers/api/v2/package_groups_controller_test.rb
test/controllers/api/v2/content_view_versions_controller_test.rb
</pre>
As far content_view_repositories_controller_test.rb goes, it seems to boil down to ContentViewRepositoriesController not checking permissions at all when looking up the content view https://github.com/Katello/katello/blob/master/app/controllers/katello/api/v2/content_view_repositories_controller.rb#L46 .
Some, such as ContentViewRepositoriesController are a real problem, while others (ProductsControllerTest) are just unfortunately written tests where stubbing shadows the behaviour the test is supposed to be testing.
