Bug 786159
Summary: | Remove default ability to see user details | ||
---|---|---|---|
Product: | [Other] RHQ Project | Reporter: | Charles Crouch <ccrouch> |
Component: | Core Server, Core UI | Assignee: | Charles Crouch <ccrouch> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 4.2 | CC: | ccrouch, hbrock, hrupp, loleary |
Target Milestone: | --- | ||
Target Release: | JON 3.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-03 15:06:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 796437, 798465 | ||
Bug Blocks: | 782579 |
Description
Charles Crouch
2012-01-31 15:55:03 UTC
Ian, please discuss your intended approach on rhq-devel This is done in master: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=e2bbfdf I added a new global perm named VIEW_USERS, which is required in order to view other RHQ users. Enforcement of the permission is implemented at the SLSB layer (in SubjectManagerBean). For backward compatibility sake, dbsetup gives existing roles the new permission, and the create new role view in the GUI selects the checkbox for the VIEW_USERS perm by default. http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=fd854c8 adds functional tests for this feature. I still need to write tests that verify the VIEW_USERS permission gets added to existing roles by dbupgrade. The dbsetup/dbupgrade test have been added in master: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=5371524 Documenting the acceptance criteria for this BZ, as follows: Acceptance Criteria: -Users in roles without the new VIEW_USER_DETAILS permission will not be able to see any JON user information in the system beyond usernames -Users in roles with the new VIEW_USER_DETAILS permission will be able to see JON user information across the system just as the do today. -In upgraded systems all old roles will have the VIEW_USER_DETAILS permission, so there will be no change in behaviour for existing users added TCMS testcase as follows: https://tcms.engineering.redhat.com/case/146315/?from_plan=5753 verified Bulk closing of old issues in VERIFIED state. |