Bug 1653709
| Summary: | A user with the role operator can't view datastores through Provider page | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Angelina Vasileva <anikifor> |
| Component: | UI - OPS | Assignee: | Dávid Halász <dhalasz> |
| Status: | CLOSED ERRATA | QA Contact: | Antonin Pagac <apagac> |
| Severity: | medium | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | high | ||
| Version: | 5.9.6 | CC: | bmidwood, dmetzger, hkataria, lavenel, mpovolny, obarenbo, simaishi, smallamp |
| Target Milestone: | GA | ||
| Target Release: | 5.10.0 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | 5.10.0.28 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-07 23:03:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | |||
New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/7974931a922d7803a7dc788907431cb7134ec04f commit 7974931a922d7803a7dc788907431cb7134ec04f Author: Dávid Halász <dhalasz> AuthorDate: Wed Nov 28 09:41:51 2018 -0500 Commit: Dávid Halász <dhalasz> CommitDate: Wed Nov 28 09:41:51 2018 -0500 When redirecting to a specific storage, RBAC check storage_show Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653709 app/controllers/storage_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commit detected on ManageIQ/manageiq-ui-classic/hammer: https://github.com/ManageIQ/manageiq-ui-classic/commit/5bf80a07dd490492948948574b44d600bf369ff0 commit 5bf80a07dd490492948948574b44d600bf369ff0 Author: Milan Zázrivec <mzazrivec> AuthorDate: Thu Nov 29 02:42:52 2018 -0500 Commit: Milan Zázrivec <mzazrivec> CommitDate: Thu Nov 29 02:42:52 2018 -0500 Merge pull request #5004 from skateman/rbac-datastore When redirecting to a specific storage, RBAC check storage_show (cherry picked from commit 81e2feea9f83f03756c2effc0d740680e6ee80ff) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1653709 app/controllers/storage_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Verified with 5.10.0.30. User with EvmRole-operator can now see datastores and datastore details going via: - Compute > Infrastructure > Provider > --provider-- > Datastores or - Compute > Infrastructure > Datastores Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212 |
Description of problem: A user with the role operator can't open details view of a datastore through Provider ("Compute > Infrastructure > Provider > --provider-- > Datastores") but can via "Compute > Infrastructure > Datastores" Version-Release number of selected component (if applicable): 5.9.6.2.20181119175512_3a18916 5.10.0.25.20181120211723_d2fd659 How reproducible: Always Steps to Reproduce: 1. Add an infrastructure provider with datastores (tested with vmware) 2. Add a user in EVM Group "EvmGroup-operator" that has Role "EvmRole-operator" 3. Log in with the newly created user 4. Go to "Compute > Infrastructure > Provider > --provider-- > Datastores" 4. Click on any Datastore to see details Actual results: Unexpected error encountered ... No route matches {:action=>"5?display=storages", :controller=>"ems_infra", :id=>"1"} [storage/show] Expected results: The same as if navigated to "Compute > Infrastructure > Datastores" : details view of the datastore Additional info: Admin user can access datastores both ways. I tried to extend permissions of operator by granting all access to "Infrastructure Providers" (full access to "Datastores" is already given) - gives the same error.