Bug 1202304
| Summary: | All buttons/dropdowns for which user doesn't have appropriate permissions needs to be disabled from discovered_host page | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Sachin Ghai <sghai> |
| Component: | Discovery Plugin | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Sachin Ghai <sghai> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1.0 | CC: | bbuckingham, bkearney, lzap, riehecky, sghai |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://projects.theforeman.org/issues/14527 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 20:01:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1193977 | ||
| Attachments: | |||
Created attachment 1002207 [details]
Select_actions dropdown and delete button needs to be disabled on facts page
Ori, another permission-related. Please create appropriate upstream issues, link them and it looks like we need to review permissions for 2.0.1 discovery release (3.0.0 as well). Moving to post since this was fixed by lzap in: https://github.com/theforeman/foreman_discovery/commit/a6826bee71d7818959aca7dbbba035fb94a8c204 Verified with sat6 beta snap6.2 The bz description contains issues at two places: 1) "provision dropdown" on discovered_host page 2) "delete" and "Select action" dropdown on facts page I can see see 'delete' and 'select action' dropdown on facts page with a normal user who has 'discovery_reader' role assigned. Created attachment 1144681 [details]
'delete' and select_action dropdown still visible to user assigned with 'disocvery_reader' role
Sachin, I can only see the dropdown on the Discovered Host detail page: Select action -> Provision...Reboot. I don't see others in the code, can you provide screenshots of what you found? Upstream bug component is Discovery Plugin @Lzap: screenshot in comment8 clearly shows 'Delete' and 'Select action' dropdown. Merged upstream as https://github.com/theforeman/foreman_discovery/pull/266/files Please try to apply the patch and if it fails (which I assume) simply move this bug to 6.3. This is not worth the effort in backporting, there have been big refactoring in upstream in the meantime. The fix to this bug will be delivered with release 6.3 of Satellite. |
Created attachment 1002206 [details] provision dropdown active when "discover_reader" role assigned to normal user Description of problem: Created a user and assigned "discovery Reader" role to it. When login with created user, I can see the discovered host. But I can also click on "provision dropdown". All values under dropdown are active. Similarly when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active. These needs to be disabled though UI throws 403 permission denied error on clicking any of them. But this looks misleading. we should disable the buttons. Version-Release number of selected component (if applicable): sat6.1 beta snap6 compose2 (Satellite-6.1.0-RHEL-6-20150311.1). How reproducible: always Steps to Reproduce: 0. login with admin user 1. discover a host 2. define a discovery rule 3. create a new user and assign "Discovery Reader" role 4. logout 5. login with new user 6. go to hosts --> discovered host Actual results: on discovered_host page, I can also click on "provision dropdown". All values under dropdown are active. Also, when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active. Expected results: "provision dropdown" on discovered host page needs to be disabled. "delete" and "Select action" dropdown on facts page needs to be disabled. Additional info: