Bug 1012591 - RBAC: Scoped properties - buttons visible for roles without permissions
Summary: RBAC: Scoped properties - buttons visible for roles without permissions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ER4
: EAP 6.2.0
Assignee: Heiko Braun
QA Contact: Jakub Cechacek
Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks: 1014047
TreeView+ depends on / blocked
 
Reported: 2013-09-26 17:08 UTC by Jakub Cechacek
Modified: 2013-12-15 16:16 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-12-15 16:16:44 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker HAL-233 0 Major Resolved Scoped properties - buttons visible for roles without permissions 2013-11-21 22:48:16 UTC

Description Jakub Cechacek 2013-09-26 17:08:58 UTC
Add / remove buttons are visible for some roles which actually don't have the permission to create / remove System properties scoped to Group / Host / Server. 

Example - maintainer role scoped to main server group + Serve / Group scoped system properties

Comment 1 Jakub Cechacek 2013-09-27 07:59:45 UTC
User without permission can also try to create the role, however the operation will fail on server side.

Comment 2 JBoss JIRA Server 2013-10-01 09:35:47 UTC
Heiko Braun <ike.braun> updated the status of jira HAL-233 to Resolved

Comment 3 Vladimir Dosoudil 2013-10-01 12:07:20 UTC
Moving back to ASSIGNED (https://docspace.corp.redhat.com/docs/DOC-154626).
There's no PR to eap 6.x github repo https://github.com/jbossas/jboss-eap/

Comment 4 Vladimir Dosoudil 2013-10-01 12:49:01 UTC
The umbrella issue 1014047 is available now.

Comment 8 Jakub Cechacek 2013-10-09 07:59:55 UTC
Verified 6.2.0.ER5


Note You need to log in before you can comment on or make changes to this bug.