Bug 1103145
Summary: | User couldn't add global team(the user is a member of) as a member by team name when doesn't have view_global_teams permission | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Gaoyun Pei <gpei> |
Component: | Node | Assignee: | Brenton Leanhardt <bleanhar> |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 2.1.0 | CC: | adellape, bleanhar, jliggitt, jokerman, libra-onpremise-devel, mmccomas |
Target Milestone: | --- | Keywords: | Upstream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
If a developer was part of a global team but did not have the view_global_teams capability enabled on their account, they could add the global team as a member of their domain using the ID but not using the name. This issue was caused by the view_global_teams capability, which is only intended to control the ability to search and view global teams, unintentionally blocking the functionality. This bug fix updates this capability to allow the addition of global teams as domain members using either the ID or name as intended.
|
Story Points: | --- |
Clone Of: | 1103131 | Environment: | |
Last Closed: | 2014-08-04 13:27:14 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1103131 | ||
Bug Blocks: |
Description
Gaoyun Pei
2014-05-30 11:21:47 UTC
Fix available in https://github.com/openshift/origin-server/pull/5468 Upstream commit: commit 1e14237ddb04b758734955b170fb1f11d0470641 Author: Jordan Liggitt <jliggitt> Date: Fri May 30 10:54:52 2014 -0400 Bug 1103131: Remove authorize! check and let Team.accessible() limit which global teams a user can see Verify this bug on puddle 2.1.z/2014-07-15.1 User gpei have domain "00" and belongs to global team "team1". User gpei doesn't have view_global_teams permission [root@broker ~]# oo-admin-ctl-user -l gpei User gpei: plan: consumed domains: 1 max domains: 10 consumed gears: 0 max gears: 100 max tracked storage per gear: 0 max untracked storage per gear: 0 max teams: 0 viewing all global teams allowed: false gear sizes: small, medium sub accounts allowed: false private SSL certificates allowed: false inherit gear sizes: false HA allowed: false [root@dhcp-129-188 workspace]# rhc team list Team team1 ---------- ID: 53c5e9f1db26c83b25000001 Global: true Members: gpei (view) You are a member of 1 team. [root@dhcp-129-188 workspace]# rhc member-add team1 -n 00 --type team --global Adding 1 editor to domain ... DEBUG: Searching teams done [root@dhcp-129-188 workspace]# rhc member list -n 00 Name Login Role Type ----- ----- ------------- ---- gpei gpei admin (owner) user team1 edit team Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0999.html |