Bug 1281891
| Summary: | non-admin users are unable to view saved reports | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Felix Dewaleyne <fdewaley> | |
| Component: | UI - OPS | Assignee: | lgalis | |
| Status: | CLOSED ERRATA | QA Contact: | Niyaz Akhtar Ansari <nansari> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.4.0 | CC: | cpelland, dclarizi, fdewaley, gtanzill, hkataria, jhardy, jprause, lgalis, mfeifer, mpovolny, obarenbo, simaishi, tcarlin | |
| Target Milestone: | GA | |||
| Target Release: | 5.6.0 | |||
| Hardware: | All | |||
| OS: | All | |||
| Whiteboard: | ||||
| Fixed In Version: | 5.6.0.0 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1287755 1287759 (view as bug list) | Environment: | ||
| Last Closed: | 2016-06-29 15:06:09 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1287755, 1287759 | |||
|
Description
Felix Dewaleyne
2015-11-13 17:45:40 UTC
to view the reports you need to fist select the "everything > cloud intelligence > reports" branch, save, then you can unselect everything but the "saved reports" branch and continue to view the saved reports only. observations : if a users gives reports > view and saved reports > modify he can see reports, but not all of them. After cross-checking it appears the group of the reports aren't all the same, but that may not be the only coincidence as the number of reports displayed does not seem to be entirely consistant. It is important to note that the user here is using a LDAP and that his user account is a member of two groups. the two groups appear to have been used when creating the reports. it appears that which user can see or not saved reports of the same report depends entirely on the active group of the user owning the scheduler. Unfortunately users with several groups would likely use LDAP to manage authentication and thus can't have a user that exists only in the database and will constantly run the reports. A workaround would be to have an appliance not authenticate against the LDAP but against the Database, have it have a special user that will run all the schedulers for one group - one that will always have visibility to all reports - and have all users who need to be able to see reports be part of that group. I believe a fix for this would be to disable group filtering on saved reports and to encourage existing users to configure which reports their groups have access to via the menu editor (cloud intelligence > reports > edit reports menu) New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/50f3e8db43193c3e461b15283dd28aa20bee0083 commit 50f3e8db43193c3e461b15283dd28aa20bee0083 Author: Laura Galis <lgalis> AuthorDate: Tue Nov 24 11:52:10 2015 -0500 Commit: Laura Galis <lgalis> CommitDate: Tue Nov 24 18:23:29 2015 -0500 Add 'View' feature for Saved Reports https://bugzilla.redhat.com/show_bug.cgi?id=1281891 One requirement for UI changes for this BZ app/controllers/report_controller.rb | 2 +- app/controllers/report_controller/reports.rb | 2 +- app/controllers/report_controller/saved_reports.rb | 1 + app/helpers/application_helper/toolbar_builder.rb | 3 +++ db/fixtures/miq_product_features.yml | 4 ++++ 5 files changed, 10 insertions(+), 2 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=b695a896d48ce35e74de5e0b77a48f790b77f0bb commit b695a896d48ce35e74de5e0b77a48f790b77f0bb Author: Laura Galis <lgalis> AuthorDate: Tue Nov 24 11:52:10 2015 -0500 Commit: Laura Galis <lgalis> CommitDate: Mon Nov 30 10:55:16 2015 -0500 Add 'View' feature for Saved Reports https://bugzilla.redhat.com/show_bug.cgi?id=1281891 One requirement for UI changes for this BZ (cherry picked from commit 50f3e8d) app/controllers/report_controller.rb | 2 +- app/controllers/report_controller/reports.rb | 2 +- app/controllers/report_controller/saved_reports.rb | 1 + app/helpers/application_helper/toolbar_builder.rb | 3 +++ db/fixtures/miq_product_features.yml | 4 ++++ 5 files changed, 10 insertions(+), 2 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=9632686358e7d8b46e44775c04098073beaea94d commit 9632686358e7d8b46e44775c04098073beaea94d Merge: 5824ccb e9b469b Author: Dan Clarizio <dclarizi> AuthorDate: Mon Dec 7 16:01:58 2015 -0500 Commit: Dan Clarizio <dclarizi> CommitDate: Mon Dec 7 16:01:58 2015 -0500 Merge branch '5.5.z_non_admin_user_cannot_see_saved_reports' into '5.5.z' 5.5.z non admin user cannot see saved reports https://bugzilla.redhat.com/show_bug.cgi?id=1281891 5.5 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1287755 Clean merge request for all files except miq_product_feature_spec.rb from https://github.com/ManageIQ/manageiq/pull/5592 See merge request !552 app/controllers/report_controller.rb | 2 +- app/controllers/report_controller/reports.rb | 2 +- app/controllers/report_controller/saved_reports.rb | 1 + app/helpers/application_helper/toolbar_builder.rb | 3 ++ .../tree_builder_report_saved_reports.rb | 2 +- db/fixtures/miq_product_features.yml | 4 +++ .../application_helper/toolbar_builder_spec.rb | 38 ++++++++++++++++++++++ 7 files changed, 49 insertions(+), 3 deletions(-) New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=4741ae67caa70843faca0e12f4208daf1a9911a1 commit 4741ae67caa70843faca0e12f4208daf1a9911a1 Author: Laura Galis <lgalis> AuthorDate: Tue Dec 1 18:15:48 2015 -0500 Commit: Laura Galis <lgalis> CommitDate: Mon Dec 7 17:51:22 2015 -0500 Add View feature to Saved Reports https://bugzilla.redhat.com/show_bug.cgi?id=1281891 vmdb/app/controllers/report_controller.rb | 2 +- vmdb/app/controllers/report_controller/reports.rb | 2 +- vmdb/app/controllers/report_controller/saved_reports.rb | 1 + vmdb/db/fixtures/miq_product_features.yml | 4 ++++ vmdb/spec/models/miq_product_feature_spec.rb | 10 +++++++--- 5 files changed, 14 insertions(+), 5 deletions(-) New commit detected on cfme/5.4.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=4f5d33f51ea5999c0019bd5130e1d55bef57eb92 commit 4f5d33f51ea5999c0019bd5130e1d55bef57eb92 Merge: 1a9d409 4741ae6 Author: Dan Clarizio <dclarizi> AuthorDate: Tue Dec 8 10:49:09 2015 -0500 Commit: Dan Clarizio <dclarizi> CommitDate: Tue Dec 8 10:49:09 2015 -0500 Merge branch '5.4.z_add_view_feature_for_saved_reports' into '5.4.z' Add View feature to Saved Reports https://bugzilla.redhat.com/show_bug.cgi?id=1281891 5.4 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1287759 See merge request !567 vmdb/app/controllers/report_controller.rb | 2 +- vmdb/app/controllers/report_controller/reports.rb | 2 +- vmdb/app/controllers/report_controller/saved_reports.rb | 1 + vmdb/db/fixtures/miq_product_features.yml | 4 ++++ vmdb/spec/models/miq_product_feature_spec.rb | 10 +++++++--- 5 files changed, 14 insertions(+), 5 deletions(-) users with the "view" permission on reports (and no other permission on) are able to view saved reports Verified in 5.6.0.1-beta2.20160413141124_e25ac0e Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348 |