Bug 1129938

Summary: YaST Configuration Management module is able to edit a readonly field
Product: [SUSE Linux Enterprise Server] Beta SUSE Linux Enterprise Server 15 SP1 Reporter: Joaquín Rivera <jeriveramoya>
Component: YaST2Assignee: YaST Team <yast-internal>
Status: CONFIRMED --- QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P3 - Medium CC: igonzalezsosa, lubos.kocman
Version: RC 1   
Target Milestone: ---   
Hardware: x86-64   
OS: SLES 15   
URL: https://trello.com/c/BdE2MUbU/
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1129936, 1129937    
Bug Blocks: 1129940    

Description Joaquín Rivera 2019-03-20 14:52:21 UTC 
+++ This bug was initially created as a clone of Bug #1129937 +++

During testing of jsc#SLE-2995 and playing editing form.yml to create different visualizations, it was found that:

- `$scope: readonly` combined with $default allows to edit a field.

It is easy to check using a small portion of this example:
https://github.com/yast/yast-configuration-management/blob/master/test/fixtures/formulas-ng/test-formula/form.yml

Expectation:
According to documentation in: https://www.suse.com/documentation/suse-manager-3/3.2/susemanager-best-practices/html/book.suma.best.practices/best.practice.salt.formulas.and.forms.html#best.practice.salt.formulas.pillar

The $scope: readonly option makes a field read-only.
It can be used to show a user data which should be known, but should not be editable.
This option only makes sense in combination with the $default attribute.
Comment 1 Imobach Gonzalez Sosa 2019-03-21 09:13:45 UTC 
Moving the bug to our Trello board: https://trello.com/c/BdE2MUbU/