1202304 – All buttons/dropdowns for which user doesn't have appropriate permissions needs to be disabled from discovered_host page

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1202304 - All buttons/dropdowns for which user doesn't have appropriate permissions needs to be disabled from discovered_host page

Summary: All buttons/dropdowns for which user doesn't have appropriate permissions nee...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Discovery Plugin
Sub Component:
Version:	6.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Lukas Zapletal
QA Contact:	Sachin Ghai
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:	1193977
TreeView+	depends on / blocked

Reported:	2015-03-16 10:57 UTC by Sachin Ghai
Modified:	2019-09-26 17:38 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 20:01:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
provision dropdown active when "discover_reader" role assigned to normal user (33.92 KB, image/png) 2015-03-16 10:57 UTC, Sachin Ghai	no flags	Details
Select_actions dropdown and delete button needs to be disabled on facts page (34.07 KB, image/png) 2015-03-16 10:58 UTC, Sachin Ghai	no flags	Details
'delete' and select_action dropdown still visible to user assigned with 'disocvery_reader' role (66.48 KB, image/png) 2016-04-07 11:07 UTC, Sachin Ghai	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	14527	0	None	None	None	2016-04-22 15:47:09 UTC

Description Sachin Ghai 2015-03-16 10:57:02 UTC

Created attachment 1002206 [details]
provision dropdown active when "discover_reader" role assigned to normal user

Description of problem:
Created a user and assigned "discovery Reader" role to it. When  login with created user, I can see the discovered host. But I can also click on "provision dropdown". All values under dropdown are active.

Similarly when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active.

These needs to be disabled though UI throws 403 permission denied error on clicking any of them. But this looks misleading. we should disable the buttons.

Version-Release number of selected component (if applicable):
sat6.1 beta snap6 compose2 (Satellite-6.1.0-RHEL-6-20150311.1).

How reproducible:
always 

Steps to Reproduce:
0. login with admin user
1. discover a host
2. define a discovery rule
3. create a new user and assign "Discovery Reader" role
4. logout
5. login with new user
6. go to hosts --> discovered host

Actual results:
on discovered_host page, I can also click on "provision dropdown". All values under dropdown are active.

Also, when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active.

Expected results:
"provision dropdown" on discovered host page needs to be disabled.
"delete" and "Select action" dropdown on facts page needs to be disabled.

Additional info:

Comment 1 Sachin Ghai 2015-03-16 10:58:06 UTC

Created attachment 1002207 [details]
Select_actions dropdown and delete button needs to be disabled on facts page

Comment 3 Lukas Zapletal 2015-03-17 14:18:47 UTC

Ori, another permission-related. Please create appropriate upstream issues, link them and it looks like we need to review permissions for 2.0.1 discovery release (3.0.0 as well).

Comment 4 orabin 2015-09-07 07:05:28 UTC

Moving to post since this was fixed by lzap in: https://github.com/theforeman/foreman_discovery/commit/a6826bee71d7818959aca7dbbba035fb94a8c204

Comment 7 Sachin Ghai 2016-04-07 11:06:06 UTC

Verified with sat6 beta snap6.2

The bz description contains issues at two places:

1) "provision dropdown" on discovered_host page
2) "delete" and "Select action" dropdown on facts page


I can see see 'delete' and 'select action' dropdown on facts page with a normal user who has 'discovery_reader' role assigned.

Comment 8 Sachin Ghai 2016-04-07 11:07:23 UTC

Created attachment 1144681 [details]
'delete' and select_action dropdown still visible to user assigned with 'disocvery_reader' role

Comment 9 Lukas Zapletal 2016-04-07 13:51:58 UTC

Sachin, I can only see the dropdown on the Discovered Host detail page: Select action -> Provision...Reboot.

I don't see others in the code, can you provide screenshots of what you found?

Comment 10 Bryan Kearney 2016-04-07 14:01:05 UTC

Upstream bug component is Discovery Plugin

Comment 11 Sachin Ghai 2016-04-09 10:16:45 UTC

@Lzap: screenshot in comment8 clearly shows 'Delete' and 'Select action' dropdown.

Comment 13 Lukas Zapletal 2016-05-09 14:32:49 UTC

Merged upstream as https://github.com/theforeman/foreman_discovery/pull/266/files

Please try to apply the patch and if it fails (which I assume) simply move this bug to 6.3. This is not worth the effort in backporting, there have been big refactoring in upstream in the meantime.

Comment 15 Bryan Kearney 2017-08-01 20:01:44 UTC

The fix to this bug will be delivered with release 6.3 of Satellite.

Note You need to log in before you can comment on or make changes to this bug.