Bug 1330022
| Summary: | WebUI: Ownership: User/Group drop down does not display the values | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Ramesh A <rananda> | ||||||
| Component: | UI - OPS | Assignee: | Libor Pichler <lpichler> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Ramesh A <rananda> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 5.6.0 | CC: | apagac, bascar, dajohnso, dclarizi, gtanzill, hkataria, jhardy, lpichler, mpovolny, obarenbo, simaishi | ||||||
| Target Milestone: | GA | ||||||||
| Target Release: | 5.6.0 | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | ui:ownership:cfme_tenant | ||||||||
| Fixed In Version: | 5.6.0.8 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2016-06-29 15:53:55 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | Bug | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | Unknown | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Ramesh A
2016-04-25 10:02:34 UTC
Created attachment 1150340 [details]
user drop down
Created attachment 1150341 [details]
group drop down
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/63c14d77b04d7622c4fcc96bb2eabe9f0bef7909 commit 63c14d77b04d7622c4fcc96bb2eabe9f0bef7909 Author: lpichler <lpichler> AuthorDate: Fri May 6 13:45:32 2016 +0200 Commit: lpichler <lpichler> CommitDate: Wed May 18 09:40:13 2016 +0200 Use descendants strategies for User and MiqGroup affects lists in set ownership screen and list in Access Control https://bugzilla.redhat.com/show_bug.cgi?id=1330022 .../application_controller/ci_processing.rb | 4 ++-- app/models/rbac.rb | 2 ++ app/models/user.rb | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) https://github.com/ManageIQ/manageiq/pull/8501 we are now using descendant tenant's strategy. so: For the Users drop down, we are displaying show all users in the tenant that the user belongs to as well as the users in the tenants below. For the Groups drop down, we are displaying show all groups that are associated with the tenant that the user belongs to as well as the groups associated with the tenants below. For admin users we are displaying all users and groups. Hi Libor, I understand the functionality based on comment#8. But, I see some different behavior with and without role restriction for the user/group drop down. Request you kind inputs in understanding the functionality correctly. Let me explain my testing scenario: =================================== Create the following: Roles: ====== 1. role-1 with no "VM & Template Access Restriction" 2. role-2 with "VM & Template Access Restriction" as "only User Owned" 3. role-3 with "VM & Template Access Restriction" as "Only User or Group Owned" Groups:(Assign all the groups to the same tenant say "My Tenanat") ================================================================== 1. group-1, assign role-1 2. group-2, assign role-2 3. group-3, assign role-3 Users: ====== 1. user-1, assign to group-1 2. user-11, assign to group-1 3. user-2, assign to group-2 4. user-22, assign to group-2 5. user-3, assign to group-3 6. user-33, assign to group-3 Scenario-1: (Working fine as per the new implementation described in comment#8) =============================================================================== login as any user, navigate to Infrastructure Virtual Machines or Cloud Instance. Choose a vm/instance ==> Configuration ==> Set Ownership Result ==> all the users and groups are listed as there is no restriction on the role, which is working fine as per the new implementation Not clear with the below scenario behaviors, need clarification here Scenario-2: =========== 1. As admin, assign a vm or instance to user2 2. Login as user2, only the assigned vm/instance is displayed 3. Choose the vm/instance ==> Configuration ==> Set Ownership 4. Check for the user/group drop down Result ==> only the current user and group he belongs to is displayed (i.e., user-2 & group-2 is displayed) Scenario-3: =========== 1. As Admin, assign a vm or instance to user3 and group3 2. Login as user3 or user33, both of them should be able to see the vm/instance 3. Choose the vm/instance ==> Configuration ==> Set Ownership 4. Check for the user/group drop down Result ==> only the current user and group he belongs to is displayed (i.e., for user 3 ==> user-3 & group-3 is displayed, for user 3 ==> user-33 & group-3 is displayed) So, my question is for Scenario-2 and Scenario-3 Question-1: =========== Why other users belonging to the same group & tenant is not displayed? Reason, being user2 is not able change the ownership to another user who belongs to the same group i.e., user 22. Secondly he is not able to set ownership to another group which belongs to same tenant (which means, user 2 should be able to set ownership to group-1, group-2, group-3) Question-2: =========== As users belonging to group-2 and group-3 will not be able to set ownership to any other user or group, then what is the point of enabling "set ownership" option at all for these groups(this question is the extension for Question-1) Request your valid input here to understand the functionality correctly and deeply. Correct me if I am wrong in understanding this functionality Thanks, Ramesh Tested in 5.6.0.8-rc1.20160524155303_f2a5a50 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |