Bug 603899
Summary: | User assigned role with dynagroup, resourcehub shows wrong content | ||
---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Jeff Weiss <jweiss> |
Component: | Core Server | Assignee: | Joseph Marques <jmarques> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Welton <cwelton> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 3.0.0 | CC: | cwelton, dajohnso, jmarques |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 2.4 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-12 16:52:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 565628, 593121 |
Description
Jeff Weiss
2010-06-14 19:24:21 UTC
raising this to urgent. this isn't a matter of the counts being wrong, this is a matter of being able to see resources to which a user is entitled. right now, the permissions appear to be too aggressive; upon logging in (after following the reproduction steps) no resources can be seen at all. Underlying exception in the server log is as follows: 14:11:35,854 ERROR [PagedListDataModel] Could not retrieve collection for PageControlView[BrowseResourcesUIBean] org.rhq.enterprise.server.authz.PermissionException: Subject [simple] requires InventoryManager permission for requested query criteria. at org.rhq.enterprise.server.resource.ResourceManagerBean.findResourcesByCriteria(ResourceManagerBean.java:2044) at org.rhq.enterprise.server.resource.ResourceManagerBean.findResourceCompositesByCriteria(ResourceManagerBean.java:2024) This is why the resource browser shows nothing. commit 22e6fee94ca7f2aabd2defad3922b04544488980 Author: Joseph Marques <joseph> Date: Mon Jun 21 14:23:31 2010 -0400 BZ-603899: fix the overly aggressive authorization for the resource browser I think the first part of this is fixed, but not the second? When logging in as user, I do, now, see resources (all the agents) as expected. However, when I go to groups, I am still seeing all groups created -- not just the one I have explicitly assigned to the user. Returning to dev for consideration. Corey, good catch. You're right, I didn't even realize there was a second part to this fix. commit b9ca90d9414a7e09eeac2fb9e2423a3f607eafe7 Author: Joseph Marques <joseph> Date: Wed Jun 23 10:22:25 2010 -0400 BZ-603899: add missing authorization check to ResourceGroupManager.findResourceGroupCompositesByCriteria QA Verified. Mass-closure of verified bugs against JON. |