Bug 678349

Summary: OK button missing from Alert Definition UI even when user has Alert Write Role
Product: [Other] RHQ Project Reporter: Larry O'Leary <loleary>
Component: Core UIAssignee: Lukas Krejci <lkrejci>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: urgent Docs Contact:
Priority: high    
Version: 3.0.0CC: lkrejci, skondkar
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 678551 (view as bug list) Environment:
JON 2.4.0
Last Closed: 2013-09-02 07:22:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 678551    

Description Larry O'Leary 2011-02-17 16:38:23 UTC 
A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165)

This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered.



1. Create a Role with the following permissions:
Global Permissions - None
Resource Permissions - Authorized for Modify, Delete and Create Children
Subsystem Permissions - Write on All and Read/Write on Configure

2. Assign a User 
3. Assign a Resource Group
4. Login as the above user and try to create an Alert on one of the Resources
5. The OK button is not there.


If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
Comment 1 Lukas Krejci 2011-02-17 17:15:47 UTC 
This is a bug in the hq:authorization JSP tag which checks for permissions of the current user.

The workaround is to manually modify the URL such that:

http://localhost:7080/alerts/Config.do?id=10003&mode=new

will become

http://localhost:7080/alerts/Config.do?id=10003&groupId=10003mode=new

i.e.

add a groupId parameter to the URL with the same value as the id parameter.
Comment 2 Lukas Krejci 2011-02-17 17:16:31 UTC 
whoops, the "fixed" URL should have been:

http://localhost:7080/alerts/Config.do?id=10003&groupId=10003&mode=new
Comment 3 Lukas Krejci 2011-02-17 17:27:33 UTC 
Ok, I was wrong.. The workaround outlined above would cause the user to define a group alert instead of a resource alert.

Not sure what an actually working solution to this should be without code modifications.
Comment 6 Lukas Krejci 2011-03-09 09:56:49 UTC 
The fix has been pushed to release-3.0.0:

commit 091cf3cc56cde7ab585bb55a14ea1740263b88d7
Author: Lukas Krejci <lkrejci>
Date:   Fri Feb 18 12:27:17 2011 +0100

    BZ 678349 - fixing the authz logic in the hq:authorization JSP tag.
Comment 7 Sunil Kondkar 2011-05-31 09:01:09 UTC 
Verified on build101 (Version: 4.1.0-SNAPSHOT Build Number: 712d0e1)

Created a group of jbossAs5 resources, created a role with the mentioned permissions. Assigned a user and the group of jbossAs5 resources to the role.

Logged in as the assigned user and successfully created alert on the jbossAs5 resources and also verified that the assigned user can edit the alert in General Properties, Condition and Notification tabs.

Marking as verified.
Comment 8 Lukas Krejci 2011-05-31 09:27:10 UTC 
This is an RHQ 3 bug so I think this still should be tested against a build from release-3.0.1 branch.
Comment 9 Sunil Kondkar 2011-06-21 10:52:16 UTC 
Verified by applying the patch 'http://jon01.mw.lab.eng.bos.redhat.com:8042/dist/patches/2.4.0.GA/jon-server-2.4.0.GA-patch4.zip' to the jon240GA build.

After applying the patch, it displays the OK and Reset buttons while creating an alert for the user having alert write role. Also verified that the user can edit the alert definition.

Marking as verified.
Comment 10 Heiko W. Rupp 2013-09-02 07:22:46 UTC 
Bulk closing of issues that were VERIFIED, had no target release and where the status changed more than a year ago.