Bug 796437

Summary: Users with super user role cannot view other users
Product: [Other] RHQ Project Reporter: John Sanda <jsanda>
Component: Core ServerAssignee: RHQ Project Maintainer <rhq-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Mike Foley <mfoley>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.3CC: ccrouch, hrupp, jkandasa
Target Milestone: ---   
Target Release: RHQ 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-31 10:15:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 782579, 786159    

Description John Sanda 2012-02-22 21:35:01 UTC 
Description of problem:
As a user in the super user role, e.g., rhqadmin, I cannot view other users in the users view. I came across this in master.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Log in as rhqadmin (or another user in the super user role).
2. Create a new user, and do not assign the user to the super user role.
3. After the user is created you are sent to the users view, but you will not see the user even if you click the refresh button in the footer.
  
Actual results:

Expected results:


Additional info:
I assigned the new user to a new role, and when I (as rhqadmin) go to view that role and click on the users tab, I do see the user listed. I can log in as the new user as well. The new user can the see the list of users as expected. This problem appears to be specific to users in the super user role.
Comment 1 John Sanda 2012-02-23 02:44:41 UTC 
It appears that this may be related to bug 786159. CCing Ian Springer so he can take a look at this.
Comment 2 Ian Springer 2012-02-23 22:48:32 UTC 
Fixed in master:

http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=ffad3bb

We now make sure superusers, or users w/ MANAGE_SECURITY, can view other users, even if they don't have VIEW_USERS.
Comment 3 Ian Springer 2012-02-27 17:44:44 UTC 
QA Steps
========
1) Verify that rhqadmin can view all other users.
2) Verify that another user added to the Superuser role can view all users.
3) Create a role that has MANAGE_SECURITY, but does *not* have VIEW_USERS. Add a user to that role. Verify that user can view all other users.
4) Create a role that has VIEW_USERS, but does *not* have MANAGE_SECURITY. Add a user to that role. Verify that user can view all other users.
5) Create a role with no permissions. Add a user to that role. Verify that user can *not* view any other users.
6) Create a user with no roles. Verify that user can *not* view any other users.
Comment 4 Jeeva Kandasamy 2012-04-25 12:34:14 UTC 
Verified on the Build:
Version: 4.4.0-SNAPSHOT
Build Number: 5ffafd2
GWT Version: 2.4.0
SmartGWT Version: 3.0

OS: RHEL 6.1 X86_64
Browser: Firefox ESR 10.0.3

Followed the steps on Comment 3. Unable to execute the step #3, because "View Users permission cannot be deselected, unless the Manage Security permission, which implies all other permissions, is deselected first."
Comment 5 Heiko W. Rupp 2013-08-31 10:15:45 UTC 
Bulk close of old bugs in VERIFIED state.