Bug 1348623

Summary: Control Explorer is displayed despite role has restricted access to it
Product: Red Hat CloudForms Management Engine
Reporter: Ramesh A <rananda>
Component: UI - OPS
Assignee: Harpreet Kataria <hkataria>
Status: CLOSED CURRENTRELEASE
QA Contact: Nikhil Dhandre <ndhandre>
Severity: medium
Docs Contact:
Priority: medium
Version: 5.6.0
CC: akarol, cpelland, dajohnso, dclarizi, hkataria, jhardy, mpovolny, ndhandre, obarenbo, simaishi
Target Milestone: GA
Keywords: TestOnly, ZStream
Target Release: cfme-future
Hardware: Unspecified
OS: Unspecified
Whiteboard: ui:rbac
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1417669 1433962 1461594
Environment:
Last Closed: 2018-03-21 18:08:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1417669, 1433962, 1461594
Attachments:
Description               Flags
EvmRole-approver access   none
user page                 none

Description Ramesh A 2016-06-21 15:34:16 UTC
Created attachment 1170322
EvmRole-approver access

Description of problem:
Control Explorer is displayed despite the role having restricted access to it

Version-Release number of selected component (if applicable):
5.6.0.11-rc2.2.20160614152915_f315c68 

How reproducible:
Very

Steps to Reproduce:
1. Create a new user and assign "EvmRole-approver" role to it
2. Log in as the user and check for Control ==> Explorer in the navigation


Actual results:
Control Explorer page is enabled for the user

Expected results:
Should not display and access the Explorer tab, as the role does not have access to it.
Refer to the screenshot for more details.

Additional info:

Comment 1 Ramesh A 2016-06-21 15:35:17 UTC
Created attachment 1170323
user page

Comment 3 Harpreet Kataria 2016-06-21 16:22:07 UTC
Ramesh,

I was not able to recreate this on the latest upstream codebase; please test with the next build. Looks like this issue has been fixed by https://github.com/ManageIQ/manageiq/pull/9240

Please close if this is fixed.

Thanks,
~Harpreet

Comment 6 Ramesh A 2017-01-04 12:29:41 UTC
Harpreet,

I was able to reproduce this in 5.6, 5.7 and upstream builds.

Version - Build Number
=======================
5.6 - 5.6.3.3.20161128141841_49d925b 
5.7 - 5.7.0.17.20161219135818_725f92f
upstream - master.20170104071831_8bda79e

Thanks,
Ramesh

Comment 7 Eric Hayes 2017-01-09 21:38:05 UTC
Ramesh,

I was able to reproduce the problem and locate what's wrong. The EvmRole-approver role does in fact have the permission to view the Control Explorer; the bug is that the tree isn't displaying that.

I have been working on refactoring this tree and when I am finished the box next to "Explorer" will be checked.

—Eric Hayes

Comment 12 CFME Bot 2017-03-20 14:31:37 UTC
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/e54076bf76cde1a19f7b9539801dae6eaa704abb

commit e54076bf76cde1a19f7b9539801dae6eaa704abb
Author:     Eric Hayes <eric>
AuthorDate: Wed Jan 18 16:18:40 2017 -0800
Commit:     Eric Hayes <eric>
CommitDate: Wed Jan 18 17:24:24 2017 -0800

    Build tree by counting all descendants
    
    Currently selected boxes deeper in the tree do not “bubble up” the select state to their ancestors. This changes that by counting all descendants including hidden features, also taking into account 3 possible select states.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1348623
    https://bugzilla.redhat.com/show_bug.cgi?id=1411831

 app/controllers/ops_controller/rbac_tree.rb       | 319 ++++++++++++++--------
 spec/controllers/ops_controller/rbac_tree_spec.rb |  48 +++-
 2 files changed, 252 insertions(+), 115 deletions(-)
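
An added example, not ManageIQ code, of the roll-up the commit message above describes: an ancestor's checkbox state is derived by counting every descendant leaf, hidden ones included, and mapped to one of three states. The `Feature` struct, the feature names, the rule that a grant applies to everything beneath it, and the `shallow_state` contrast are assumptions made for illustration.

```ruby
require "set"

# Constructed model; these names are hypothetical, not ManageIQ classes.
Feature = Struct.new(:id, :hidden, :children) do
  def leaf?
    children.empty?
  end
end

def feature(id, *children, hidden: false)
  Feature.new(id, hidden, children)
end

# Returns [granted_leaves, total_leaves] for a subtree, hidden nodes included.
# Assumption: granting a feature grants everything beneath it.
def leaf_counts(node, granted, inherited = false)
  on = inherited || granted.include?(node.id)
  return [on ? 1 : 0, 1] if node.leaf?
  node.children
      .map { |child| leaf_counts(child, granted, on) }
      .reduce([0, 0]) { |(g, t), (cg, ct)| [g + cg, t + ct] }
end

# Three select states: every leaf granted, none granted, or a mix.
def select_state(node, granted)
  on, total = leaf_counts(node, granted)
  return :unchecked if on.zero?
  on == total ? :checked : :partial
end

# Failure mode for contrast: only the node and its visible direct children are
# inspected, so a grant deeper in the tree never reaches the ancestor.
def shallow_state(node, granted)
  return :checked if granted.include?(node.id)
  visible = node.children.reject(&:hidden)
  visible.any? { |child| granted.include?(child.id) } ? :partial : :unchecked
end

# Constructed sample tree and role grants.
TREE = feature("control",
  feature("control_explorer",
    feature("policy_view"),
    feature("policy_admin", feature("policy_edit"), feature("policy_delete")),
    feature("explorer_accord", hidden: true)),
  feature("control_log"))
ROLE_GRANTS = Set["policy_view", "explorer_accord"]

puts "counted: #{select_state(TREE, ROLE_GRANTS)}, shallow: #{shallow_state(TREE, ROLE_GRANTS)}"
```

For anyone auditing a role from this screen, the gap between the two results is the risk: the shallow roll-up shows an empty box for a branch the role can in fact reach.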

Comment 15 CFME Bot 2017-05-02 11:38:24 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/4f46dae639cd83fa3524b8503ea12557544affa1

commit 4f46dae639cd83fa3524b8503ea12557544affa1
Author:     Eric Hayes <eric>
AuthorDate: Tue Jan 3 13:17:53 2017 -0800
Commit:     Eric Hayes <eric>
CommitDate: Mon May 1 16:06:10 2017 -0700

    Convert Menu Features Tree to use TreeBuilder
    
    Addresses:
    https://bugzilla.redhat.com/show_bug.cgi?id=1348623
    https://bugzilla.redhat.com/show_bug.cgi?id=1411831
    https://www.pivotaltracker.com/story/show/129518309

 app/controllers/ops_controller/ops_rbac.rb         |  11 +-
 app/controllers/ops_controller/rbac_tree.rb        | 146 ---------------------
 app/presenters/menu/item.rb                        |  10 ++
 app/presenters/menu/manager.rb                     |  12 +-
 app/presenters/menu/section.rb                     |  16 ++-
 app/presenters/tree_builder.rb                     |   8 +-
 app/presenters/tree_builder_ops_rbac_features.rb   | 145 ++++++++++++++++++++
 app/presenters/tree_node/menu/item.rb              |  36 +++++
 app/presenters/tree_node/menu/node.rb              |  28 ++++
 app/presenters/tree_node/menu/section.rb           |  19 +++
 app/presenters/tree_node/miq_product_feature.rb    |  48 +++++++
 app/views/ops/_rbac_role_details.html.haml         | 118 ++++++++---------
 spec/controllers/ops_controller/rbac_tree_spec.rb  |  14 --
 .../tree_builder_ops_rbac_features_spec.rb         |  57 ++++++++
 14 files changed, 431 insertions(+), 237 deletions(-)
 delete mode 100644 app/controllers/ops_controller/rbac_tree.rb
 create mode 100644 app/presenters/tree_builder_ops_rbac_features.rb
 create mode 100644 app/presenters/tree_node/menu/item.rb
 create mode 100644 app/presenters/tree_node/menu/node.rb
 create mode 100644 app/presenters/tree_node/menu/section.rb
 create mode 100644 app/presenters/tree_node/miq_product_feature.rb
 delete mode 100644 spec/controllers/ops_controller/rbac_tree_spec.rb
 create mode 100644 spec/presenters/tree_builder_ops_rbac_features_spec.rb

Comment 16 Eric Hayes 2017-06-14 20:55:56 UTC
This fix cannot be back ported. Targeted fixes for other branches have been submitted.

Comment 23 Dave Johnson 2018-03-16 15:30:02 UTC
Per comment 22, moving this to verified.