1011858 – More consistent handling of loan permissions

Bug 1011858 - More consistent handling of loan permissions

Summary: More consistent handling of loan permissions

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	web UI
Sub Component:
Version:	0.15
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	0.15.1
Assignee:	Nick Coghlan
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1015043 (view as bug list)
Depends On:
Blocks:	999391 1009333
TreeView+	depends on / blocked

Reported:	2013-09-25 09:11 UTC by wangjing
Modified:	2018-02-06 00:41 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-10-23 06:56:22 UTC
Embargoed:

Attachments	(Terms of Use)

Comment 2 Nick Coghlan 2013-09-27 01:54:46 UTC

Specifying desired behaviour:

1. loan-self should *only* allow the user to loan the system to themselves if it is not currently loaned to anyone else

2. loan-any grants full power over loans for that system, includes the ability to return other people's loans and the ability to transfer an existing loan to a different user

This patch should include appropriate documentation updates to describe the difference. Any related permissions errors should be reported through the UI rather than triggering an internal server error.

Comment 3 Nick Coghlan 2013-10-03 23:43:28 UTC

Bug 1015043 indicates this problem is more significant than we first thought.

Comment 4 Nick Coghlan 2013-10-03 23:43:48 UTC

*** Bug 1015043 has been marked as a duplicate of this bug. ***

Comment 5 Nick Coghlan 2013-10-04 04:17:46 UTC

Further clarification (based on bug 1015043): forcibly returning a loan should also cancel that user's current reservation (if any). There should be a confirmation prompt if a reservation would be cancelled.

Comment 6 Nick Coghlan 2013-10-04 04:22:36 UTC

Also, if the existing reservation is an automated one for a recipe, then the user attempting to forcibly return the loan will also need permission to cancel that job.

Comment 7 Jiri Jaburek 2013-10-07 13:12:52 UTC

(In reply to Nick Coghlan from comment #5)
> Further clarification (based on bug 1015043): forcibly returning a loan
> should also cancel that user's current reservation (if any). There should be
> a confirmation prompt if a reservation would be cancelled.

If the confirmation prompt is necessary (in the bkr cli client), please add some -y or -f parameter to automatically force it for scripting purposes.

Comment 8 Nick Coghlan 2013-10-09 05:44:35 UTC

Proposal to fix the loan and reservation permissions ACL mapping in 0.15.1: https://lists.fedorahosted.org/pipermail/beaker-devel/2013-October/000812.html

That approach should restore the same capabilities as existed in 0.14, without adding any new confirmation prompts.

Comment 9 Nick Coghlan 2013-10-10 06:30:41 UTC

On Gerrit: http://gerrit.beaker-project.org/#/c/2340/

Comment 10 Nick Coghlan 2013-10-11 03:06:29 UTC

I changed my mind on having returning a loan automatically return an existing reservation - that's more properly considered as part of the http://beaker-project.org/dev/proposals/improved-reservations-and-loans.html design proposal.

For this bug, I took the simpler approach of including the ability to return other user's manual reservations as part of the "loan_any" permission.

Comment 16 Raymond Mancy 2013-10-23 06:56:22 UTC

beaker 0.15.1 has been released.

Note You need to log in before you can comment on or make changes to this bug.