Bug 535270 (RHQ-1984)

Summary: Fix Operations tab (for single resource) UI when user doesn't have permission
Product: [Other] RHQ Project Reporter: Jeff Weiss <jweiss>
Component: OperationsAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED NOTABUG QA Contact: Jeff Weiss <jweiss>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.2CC: dajohnso, ian.springer
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-1984
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
rev3752
Last Closed: 2011-02-11 22:17:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 585306    

Description Jeff Weiss 2009-04-16 16:41:00 UTC 
The basic problem here is that for a single resource, the Operations tab when the user doesn't have permission, should disable the operations links and show a message that the user doesn't have permission.   This is already implemented for groups.

<jweiss> ghinkle: i'm also noticing a strange discrepancy between the operation tab of the group top level resource (AS Servers) and a single AS Server's Operation tab.  in the group, the tab shows "You do not have permissions to execute operations on this group " and the links are disabled.  the single resource has no such message, the links are enabled, and when you click them you get a message about not having permission.
 the former seems like the proper way to deny permission on the op tab.  why 2 implementations?
 wait, what i mean is not, 'why do the internals require 2 impls', but rather even if there are two internal impls, why do they look different in the UI
<ghinkle> jweiss: i haven't gotten around to fixing the resource version... just the group version
<jweiss> ghinkle: ok, is there a jira for it?  i'm not going to push for fixing in 2.2 but needs to be tracked
<ghinkle> not sure
<jweiss> i'll write one if i can't find it
Comment 1 Red Hat Bugzilla 2009-11-10 20:55:27 UTC 
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1984
Comment 2 Ian Springer 2011-02-11 22:17:31 UTC 
This was JSF. Authz is done for the coregui resource and group Operations tabs. Specifically, the various buttons - New, Delete, etc. - are disabled if the user does not have the CONTROL perm.