Bug 743576

Summary: Non admin user should not be able to change the field login enabled to 'No'
Product: [Other] RHQ Project
Reporter: Venkat <vupparap>
Component: Core UI
Assignee: RHQ Project Maintainer <rhq-maint>
Status: ON_DEV ---
QA Contact: Mike Foley <mfoley>
Severity: low
Docs Contact:
Priority: low
Version: 4.1
CC: hrupp, sdharane
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Attachments:
Serverlog (flags: none)

Description Venkat 2011-10-05 08:19:49 EDT
Created attachment 526481 [details]
Serverlog

Description of problem:
A non-admin user should not be able to change the field Login enabled to 'No'

Version-Release number of selected component (if applicable):
RHQ
Version: 4.1.0-SNAPSHOT
Build Number: 092d688

GWT Version: 2.0.4
SmartGWT Version: 2.4


How reproducible:
Every time


Steps to Reproduce:
1. Create an LDAP group (e.g. sunilgroupad)
2. Create an LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group
4. Log in to RHQ as rhqadmin
5. Create a role with all global and resource permissions (Manage Security)
6. Log out and log in to RHQ as the LDAP user (suniltestad)
7. Navigate to Administration tab --> Users --> user link
8. Select the "No" radio button for the Login enabled field
9. Log in with the same LDAP user.
10. It won't allow the user to log in, as we changed it to No.
11. But an authentication error message is seen in the server log

Please find the log attached.
  
Actual results:
[org.rhq.enterprise.gui.authentication.AuthenticateUserAction] Could not log into the web application

Expected results:
There should be no exception.

Additional info:
At present the LDAP user cannot delete himself and cannot change his password. In the same way, the LDAP user should not be able to change Login enabled to 'No'.

Comment 1 Mike Foley 2011-10-05 10:19:23 EDT
Role has Manage Security ... which gives you full access to set all permissions, including enabling and disabling login. User can correctly log in, and receives an error message saying he cannot log in. The exception when someone not authenticated cannot log in ... seems OK. Consider changing to debug message...