Bug 1151059

Summary: Miscellaneous permission "my_organizations" belongs in Organization filter
Product: Red Hat Satellite Reporter: Tom McKay <tomckay>
Component: Users & RolesAssignee: Tom McKay <tomckay>
Status: CLOSED WONTFIX QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, bkearney, mmccune, sthirugn
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/7878
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-11 03:43:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 971511    

Description Tom McKay 2014-10-09 13:59:29 UTC 
The functionality behind my_organizations (eg. listing the orgs selectable in the UI context menu) requires users to be assigned to orgs. This makes creating roles, such as the Site Admin built-in behave strangely.

I'd suggest that the following:

+ Remove my_organizations permission
+ Add a search type for Organization permissions (eg. view_organizations w/ User.current.my_organizations)
+ All access to orgs is handled through Organization permissions


This would allow roles that span the entire install (eg. Site Admin, Site Auditor, etc.) to specify a role "view_organizations w/ unlimited". This user would not have to _belong_ to the orgs since, in fact, they are site managers not members.

Note: All of the above should be applied similarly to my_locations, which I do not see as a permission anywhere currently.
Comment 1 Tom McKay 2014-10-09 13:59:30 UTC 
Created from redmine issue http://projects.theforeman.org/issues/7878
Comment 3 Bryan Kearney 2015-08-25 18:08:16 UTC 
Upstream bug component is Users & Roles