Bug 743522

Summary: A non-admin user(LDAP user) without alert privileges when clicks on the group alert definition tab displays IllegalArgumentException
Product: [Other] RHQ Project Reporter: Sunil Kondkar <skondkar>
Component: Core UIAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.1CC: hrupp
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
ServerLog none

Description Sunil Kondkar 2011-10-05 09:55:06 UTC 
Description of problem:

Tried to access group alert definition by a non-admin user(LDAP user) without alert privileges. Navigating to the group alert definition tab displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Please find attached the server log

Version-Release number of selected component (if applicable):
Build#466 (Version: 4.1.0-SNAPSHOT Build Number: 092d688)

LDAP Details:

Active Directory Server (Windows Server 2003 R2)
URL: ldap://10.65.201.130:636
Search Base:  dc=pnq,dc=redhat,dc=com
Username:  cn=Administrator,cn=users,dc=pnq,dc=redhat,dc=com
Password:  redhat
Search Filter:  objectclass=*
Login Property:   cn
Group Search Filter:   objectclass=group
Group Member Filter:   member

LDAP Username/password:  suniltestad/Redhat123 ( Is a member of LDAP group: sunilgroupad )

How reproducible:
Always

Steps to Reproduce:

1. Create a LDAP group (Ex: sunilgroupad )
2. Create a LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group

4. Login to rhq as rhqadmin
5. Create a compatible group of resource like RHQ Agent
6. Define an alert for the compatible group (Ex: Operation execution - Execute 7. the operation so that alert get fired)
8. Create a role (Assign the compatible group created and map to an LDAP group( sunilgroupad ) while creating the role)
9. Login to RHQ as LDAP user(suniltestad)
10. Navigate to Inventory->Compatible groups
11. Click on the compatible group name
12. Click on Alerts tab
13. Click on 'Definitions' sub tab
  
Actual results:

It displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Expected results:
No exception should be displayed

Additional info:
Comment 1 Sunil Kondkar 2011-10-05 09:55:41 UTC 
Created attachment 526453 [details]
ServerLog
Comment 2 Sunil Kondkar 2011-10-05 12:28:42 UTC 
This is also reproducible with a non-admin user with alert permissions (Non admin user can be LDAP user or RHQ user with alert permissions.)

Steps:
1. Login to rhq as rhqadmin.
2. Create a compatible group of resource like RHQ Agent.
3. Define an alert for the compatible group (Ex: Operation execution - Execute
   the operation so that alert get fired)
4. Create a RHQ user.
5. Create a role selecting only 'Manage Alerts' read and write permissions for 'Resource Permissions'. Add the compatible group and user created to the role.
6. Login to RHQ as the user.
7. Navigate to Inventory->Compatible groups.
8. Click on the compatible group name.
9. Click on Alerts tab.
10. Click on 'Definitions' sub tab.
Comment 3 Mike Foley 2011-10-05 14:23:12 UTC 
goal should be you are not presented with options that you are not able to do.  still ... user cannot perform the activity.