Bug 839008

Summary: Indirect roles not checked for in WebUI
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.4CC: jgalipea, mkosek, pvoborni, xdong
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Identity Management Web UI Administrator interface was not enabled for users who were indirect members of administrative roles, e.g. for a user which is a member of a group which is a member of administrative role. Consequence: Such users were not able to perform Identity Management administrative tasks via Web UI. Fix: Allow Web UI Administrator interface for indirect members of administrative roles. Result: Indirect members of administrative roles are now able to perform administrative tasks within Identity Management Web UI.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:16:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2012-07-10 15:51:47 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2899

When using the WebUI the admin navigation isn't enabled for users who are indirect members of roles.
Comment 1 Petr Vobornik 2012-07-11 07:23:41 UTC 
Fixed upstream: e494650b2cdb6ac7e1eda3da7cf03d4c36f2739a
Comment 2 Jenny Severance 2012-09-25 16:10:22 UTC 
regression test is automated
Comment 5 Xiyang Dong 2013-01-21 13:41:30 UTC 
verified in ipa-server-3.0.0-22.el6.x86_64

https://wiki.idm.lab.bos.redhat.com/qa/archive/ipa/webui/automation/firefox/test-output-ipa-server-3.0.0-QA/0114_64bit/full%20suite/IPARBACTestSuite/index.html

testIndirectRoles_Bug839008
Bug 839008 - Indirect Roles
Parameters: bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc
Hide output Show all outputs
Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Add Permission - read dns entries

Asserted: Actual value of 'bug839008_privilege desc' matches expected value.

Asserted: Verified Read DNS Entries is listed for bug839008_privilege

Add Role - bug839008_role

Asserted: Verified privilege bug839008_privilege is listed for bug839008_role

Add User bug839008_user

Asserted: User added successfully

Add User Group bug839008_group

Asserted: User Group added successfully

Asserted: user bug839008_user is a member of user group bug839008_group

Asserted: User group bug839008_group is a memberof roles: bug839008_role

Asserted: Indirect membership of role to the user verified

Asserted: reset password for first time login

Password for bug839008_user:

Asserted: Logged in successfully as bug839008_user

Asserted: DNS zones listed - verified

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])
Comment 7 errata-xmlrpc 2013-02-21 09:16:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html