Bug 968865
| Summary: | Group Remove link should be visible only to group owners and Beaker admins | ||
|---|---|---|---|
| Product: | [Retired] Beaker | Reporter: | xjia <xjia> |
| Component: | web UI | Assignee: | Amit Saha <asaha> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | tools-bugs <tools-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | develop | CC: | asaha, dcallagh, ebaak, llim, qwan, rglasz, rmancy, xtian |
| Target Milestone: | 0.13 | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-06-25 06:25:27 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The link clinked in this case is actually one to remove the *group* from the Beaker instance. As in bug 968843 it really shouldn't appear for users who don't have the ability to delete it. However, it also appears that the link also isn't setting the group_id correctly, and the remove() implementation isn't handling that case. On Gerrit: http://gerrit.beaker-project.org/#/c/2017/ Verify: OK,no issue found. Version: beaker-0.12.1-1.git.199.c06a860.el6eng.noarch beaker-server-0.12.1-1.git.199.c06a860.el6eng.noarch Beaker 0.13.1 has been released. |
Description of problem: Admin create a group, and add one user to this group. Then this user log in beaker-devel. Go to "Hello,tfeng" --> "My Groups". And delete himself from one group. It will show 500 internal error. This is the traceback: 2013-05-30 07:11:04,073 cherrypy.msg INFO HTTP: Page handler: <bound method Groups.remove of <bkr.server.group.Groups object at 0x7fed4eedba90>> Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cphttptools.py", line 121, in _run self.main() File "/usr/lib/python2.6/site-packages/CherryPy-2.3.0-py2.6.egg/cherrypy/_cphttptools.py", line 264, in main body = page_handler(*virtual_path, **self.params) File "<string>", line 3, in remove File "/usr/lib/python2.6/site-packages/turbogears/identity/conditions.py", line 249, in require return fn(self, *args, **kwargs) File "<string>", line 3, in remove File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 361, in expose *args, **kw) File "<generated code>", line 0, in run_with_transaction File "/usr/lib/python2.6/site-packages/peak/rules/core.py", line 153, in __call__ return self.body(*args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/database.py", line 458, in sa_rwt retval = func(*args, **kw) File "<generated code>", line 0, in _expose File "/usr/lib/python2.6/site-packages/peak/rules/core.py", line 153, in __call__ return self.body(*args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 390, in <lambda> fragment, options, args, kw))) File "/usr/lib/python2.6/site-packages/turbogears/controllers.py", line 425, in _execute_func output = errorhandling.try_call(func, *args, **kw) File "/usr/lib/python2.6/site-packages/turbogears/errorhandling.py", line 77, in try_call return func(self, *args, **kw) File "/usr/lib/python2.6/site-packages/bkr/server/group.py", line 559, in remove group = Group.by_id(kw['group_id']) KeyError: 'group_id' Version-Release number of selected component (if applicable): beaker-server-redhat-0.1.14-1.el6eng.noarch beaker-server-0.12.1-1.git.133.6c74a92.el6.noarch beaker-0.12.1-1.git.133.6c74a92.el6.noarch How reproducible: Always Steps to Reproduce: 1.Admin create a group, and add one member into this group 2.This member log in beaker-devel 3.Go to "Hello,**" --> "My Groups" 4.Remove himself from this group. Actual results: 500 Internal error Expected results: Show something like "have no permission to do this thing". Because this group is created by admin. Additional info: