Bug 1103131
Summary: | User couldn't add global team(the user is a member of) as a member by team name when doesn't have view_global_teams permission | |||
---|---|---|---|---|
Product: | OpenShift Online | Reporter: | Gaoyun Pei <gpei> | |
Component: | Pod | Assignee: | Jordan Liggitt <jliggitt> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | libra bugs <libra-bugs> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 2.x | CC: | jliggitt, jokerman, mmccomas | |
Target Milestone: | --- | Keywords: | UpcomingRelease | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1103145 (view as bug list) | Environment: | ||
Last Closed: | 2014-07-15 10:29:57 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1103145 |
Description
Gaoyun Pei
2014-05-30 10:55:33 UTC
Not a blocker for Online, since there are no global teams Will merge fix in https://github.com/openshift/origin-server/pull/5468 Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/1e14237ddb04b758734955b170fb1f11d0470641 Bug 1103131: Remove authorize! check and let Team.accessible() limit which global teams a user can see Verify this bug on devenv_4835. When a user don't have view_global_teams permission, he could search the global team by name which he is a member of. So he could add a global team as a member. [root@ip-10-203-168-223 ~]# rhc team list Team t1 ------- ID: 538d699abe9d9937e8000001 Global: true Members: gpei (view) You are a member of 1 team. [root@ip-10-203-168-223 ~]# rhc member-add t1 -n 444 --type team --global -d DEBUG: Using config file /root/.openshift/express.conf DEBUG: Authenticating with RHC::Auth::Token DEBUG: Connecting to https://localhost/broker/rest/api DEBUG: Finding domain 444 DEBUG: Client supports API versions 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 DEBUG: Using token authentication DEBUG: Created new httpclient DEBUG: Request GET https://localhost/broker/rest/api DEBUG: SSL Verification failed -- Using self signed cert DEBUG: code 200 51 ms DEBUG: Server supports API versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7 DEBUG: Using API version 1.7 DEBUG: Client API version 1.7 is not current. Refetching API DEBUG: Using token authentication DEBUG: Request GET https://localhost/broker/rest/api DEBUG: code 200 33 ms DEBUG: Using token authentication DEBUG: Request GET https://localhost/broker/rest/domain/444 DEBUG: code 200 36 ms Adding 1 editor to domain ... DEBUG: Searching teams DEBUG: Using token authentication DEBUG: Request GET https://localhost/broker/rest/teams?global=true search=t1 DEBUG: code 200 19 ms DEBUG: Using token authentication DEBUG: Request PATCH https://localhost/broker/rest/domain/444/members DEBUG: code 200 317 ms done [root@ip-10-203-168-223 ~]# rhc member list -n 444 Name Login Role Type ---- ----- ------------- ---- gpei gpei admin (owner) user t1 edit team |