Bug 678551

Summary: JSP hq:authorization tag incorrectly determines authz in resources related JSP pages
Product: [Other] RHQ Project Reporter: Lukas Krejci <lkrejci>
Component: Core UIAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Corey Welton <cwelton>
Severity: high Docs Contact:
Priority: low    
Version: 4.0.0CC: loleary, mfoley
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 678349 Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 678349    
Bug Blocks: 625146    

Description Lukas Krejci 2011-02-18 11:47:54 UTC 
I'm changing the priority of this bug to low since we have a new GWT based UI for alerts in RHQ 4 (and alert defs were the original UI this was discovered in).

But because we are going to have some remnants of the Struts UI in RHQ 4, let's make sure this is fixed in master as well just in case there were some yet undiscovered areas in the UI that were affected by this.

+++ This bug was initially created as a clone of Bug #678349 +++

A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165)

This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered.



1. Create a Role with the following permissions:
Global Permissions - None
Resource Permissions - Authorized for Modify, Delete and Create Children
Subsystem Permissions - Write on All and Read/Write on Configure

2. Assign a User 
3. Assign a Resource Group
4. Login as the above user and try to create an Alert on one of the Resources
5. The OK button is not there.


If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
Comment 1 Lukas Krejci 2011-02-18 12:04:29 UTC 
commit 3c32f3404771987a7c40548a71408190ca044867
Author: Lukas Krejci <lkrejci>
Date:   Fri Feb 18 13:01:56 2011 +0100

    BZ 678551 - fixing the authz logic in the hq:authorization JSP tag.
Comment 2 Mike Foley 2011-05-04 14:04:29 UTC 
verified RHQ4.0 community release, by following the steps to repro.
Comment 3 Corey Welton 2011-05-24 01:14:40 UTC 
Bookkeeping - closing bug - fixed in recent release.
Comment 4 Corey Welton 2011-05-24 01:14:40 UTC 
Bookkeeping - closing bug - fixed in recent release.
Comment 5 Corey Welton 2011-05-24 01:14:41 UTC 
Bookkeeping - closing bug - fixed in recent release.