Bug 1090627
| Summary: | [RFE][L-8] Copy EVM-Super_administrator role does not actually copy all permissions | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Bill Helgeson <bhelgeso> |
| Component: | UI - OPS | Assignee: | Keenan Brock <kbrock> |
| Status: | CLOSED ERRATA | QA Contact: | Nandini Chandra <nachandr> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.2.0 | CC: | cpelland, dmetzger, gblomqui, hkataria, jhardy, jocarter, kborole, kbrock, lavenel, mfeifer, mpovolny, obarenbo, rovalent, smallamp, xlecauch |
| Target Milestone: | MVP | Keywords: | FutureFeature, RFE |
| Target Release: | 5.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | rbac | ||
| Fixed In Version: | 5.10.0.0 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-07 23:02:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1555371 | ||
|
Description
Bill Helgeson
2014-04-23 19:20:49 UTC
Xav, we have always treated super admin special, so much so that we always allow super admin to sign in even if an external authentication system is active. We have no real way of identifying that a role is "super", except the one we ship with the product that we identify by name. Should this be an RFE to figure out a way to identify user created roles as super so we can allow them all of the super admin capabilities? New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/db76d9632ceeab8f58f8375dc8d95f864680e970 commit db76d9632ceeab8f58f8375dc8d95f864680e970 Author: Keenan Brock <keenan> AuthorDate: Tue May 15 16:53:19 2018 -0400 Commit: Keenan Brock <keenan> CommitDate: Tue May 15 16:53:19 2018 -0400 use features to check if a role is an admin role the role name used to determine if it were https://bugzilla.redhat.com/show_bug.cgi?id=1090627 app/models/miq_group.rb | 6 +- app/models/miq_product_feature.rb | 4 +- app/models/miq_user_role.rb | 12 +- app/models/user.rb | 9 +- db/fixtures/miq_product_features.yml | 5 + db/fixtures/miq_user_roles.yml | 1 + lib/rbac/filterer.rb | 5 +- spec/factories/miq_user_role.rb | 13 +- spec/lib/task_helpers/exports/roles_spec.rb | 2 +- 9 files changed, 40 insertions(+), 17 deletions(-) New commit detected on ManageIQ/manageiq-api/master: https://github.com/ManageIQ/manageiq-api/commit/bf3b8020a4d71a1962df35182327b64761e4da7f commit bf3b8020a4d71a1962df35182327b64761e4da7f Author: Keenan Brock <keenan> AuthorDate: Thu May 24 19:24:19 2018 -0400 Commit: Keenan Brock <keenan> CommitDate: Thu May 24 19:24:19 2018 -0400 use request_admin_user? the generic admin is phased out. Instead we are using the actual property. `request_admin_user?` is a shortcut for request superadmin privs https://bugzilla.redhat.com/show_bug.cgi?id=1090627 app/controllers/api/automation_requests_controller.rb | 4 +- app/controllers/api/provision_requests_controller.rb | 4 +- app/controllers/api/requests_controller.rb | 4 +- app/controllers/api/service_requests_controller.rb | 4 +- spec/requests/automation_requests_spec.rb | 4 +- spec/requests/provision_requests_spec.rb | 6 +- spec/requests/requests_spec.rb | 4 +- spec/requests/service_requests_spec.rb | 4 +- 8 files changed, 17 insertions(+), 17 deletions(-) New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/326f3f68d36e88b39a88f67580e93ef145921f73 commit 326f3f68d36e88b39a88f67580e93ef145921f73 Author: Keenan Brock <keenan> AuthorDate: Mon May 21 10:59:58 2018 -0400 Commit: Keenan Brock <keenan> CommitDate: Mon May 21 10:59:58 2018 -0400 Use {report,request}_admin_user? https://bugzilla.redhat.com/show_bug.cgi?id=1090627 app/controllers/application_controller.rb | 4 +- app/controllers/application_controller/current_user.rb | 6 +- app/controllers/chargeback_controller.rb | 2 +- app/controllers/configuration_controller.rb | 14 +- app/controllers/report_controller.rb | 2 +- app/controllers/report_controller/menus.rb | 6 +- app/controllers/report_controller/saved_reports.rb | 2 +- app/helpers/application_helper/button/miq_request_delete.rb | 2 +- app/presenters/tree_builder_report_saved_reports.rb | 4 +- app/views/layouts/_adv_search_body.html.haml | 2 +- app/views/layouts/_adv_search_footer.html.haml | 2 +- spec/controllers/report_controller/widget_spec.rb | 2 +- spec/helpers/application_helper/buttons/miq_request_delete_spec.rb | 2 +- 13 files changed, 25 insertions(+), 25 deletions(-) Thanks all verified in 5.10.0.4 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212 |