Bug 1129938 - YaST Configuration Management module is able to edit a readonly field
Summary: YaST Configuration Management module is able to edit a readonly field
Status: CONFIRMED
Alias: None
Product: Beta SUSE Linux Enterprise Server 15 SP1
Classification: SUSE Linux Enterprise Server
Component: YaST2 (show other bugs)
Version: RC 1
Hardware: x86-64 SLES 15
: P3 - Medium : Normal
Target Milestone: ---
Assignee: YaST Team
QA Contact: Jiri Srain
URL: https://trello.com/c/BdE2MUbU/
Whiteboard:
Keywords:
Depends on: 1129936 1129937
Blocks: 1129940
  Show dependency treegraph
 
Reported: 2019-03-20 14:52 UTC by Joaquín Rivera
Modified: 2019-03-27 10:45 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joaquín Rivera 2019-03-20 14:52:21 UTC 
+++ This bug was initially created as a clone of Bug #1129937 +++

During testing of jsc#SLE-2995 and playing editing form.yml to create different visualizations, it was found that:

- `$scope: readonly` combined with $default allows to edit a field.

It is easy to check using a small portion of this example:
https://github.com/yast/yast-configuration-management/blob/master/test/fixtures/formulas-ng/test-formula/form.yml

Expectation:
According to documentation in: https://www.suse.com/documentation/suse-manager-3/3.2/susemanager-best-practices/html/book.suma.best.practices/best.practice.salt.formulas.and.forms.html#best.practice.salt.formulas.pillar

The $scope: readonly option makes a field read-only.
It can be used to show a user data which should be known, but should not be editable.
This option only makes sense in combination with the $default attribute.
Comment 1 Imobach Gonzalez Sosa 2019-03-21 09:13:45 UTC 
Moving the bug to our Trello board: https://trello.com/c/BdE2MUbU/