Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1202304

Summary: All buttons/dropdowns for which user doesn't have appropriate permissions needs to be disabled from discovered_host page
Product: Red Hat Satellite Reporter: Sachin Ghai <sghai>
Component: Discovery PluginAssignee: Lukas Zapletal <lzap>
Status: CLOSED NEXTRELEASE QA Contact: Sachin Ghai <sghai>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: bbuckingham, bkearney, lzap, riehecky, sghai
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/14527
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 20:01:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1193977    
Attachments:
Description Flags
provision dropdown active when "discover_reader" role assigned to normal user
none
Select_actions dropdown and delete button needs to be disabled on facts page
none
'delete' and select_action dropdown still visible to user assigned with 'disocvery_reader' role none

Description Sachin Ghai 2015-03-16 10:57:02 UTC 
Created attachment 1002206 [details]
provision dropdown active when "discover_reader" role assigned to normal user

Description of problem:
Created a user and assigned "discovery Reader" role to it. When  login with created user, I can see the discovered host. But I can also click on "provision dropdown". All values under dropdown are active.

Similarly when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active.

These needs to be disabled though UI throws 403 permission denied error on clicking any of them. But this looks misleading. we should disable the buttons.

Version-Release number of selected component (if applicable):
sat6.1 beta snap6 compose2 (Satellite-6.1.0-RHEL-6-20150311.1).

How reproducible:
always 

Steps to Reproduce:
0. login with admin user
1. discover a host
2. define a discovery rule
3. create a new user and assign "Discovery Reader" role
4. logout
5. login with new user
6. go to hosts --> discovered host

Actual results:
on discovered_host page, I can also click on "provision dropdown". All values under dropdown are active.

Also, when you click on 'discovered host' name, you will see facts page. On facts page too, "delete" and "Select action" dropdown are active.

Expected results:
"provision dropdown" on discovered host page needs to be disabled.
"delete" and "Select action" dropdown on facts page needs to be disabled.

Additional info:
Comment 1 Sachin Ghai 2015-03-16 10:58:06 UTC 
Created attachment 1002207 [details]
Select_actions dropdown and delete button needs to be disabled on facts page
Comment 3 Lukas Zapletal 2015-03-17 14:18:47 UTC 
Ori, another permission-related. Please create appropriate upstream issues, link them and it looks like we need to review permissions for 2.0.1 discovery release (3.0.0 as well).
Comment 4 orabin 2015-09-07 07:05:28 UTC 
Moving to post since this was fixed by lzap in: https://github.com/theforeman/foreman_discovery/commit/a6826bee71d7818959aca7dbbba035fb94a8c204
Comment 7 Sachin Ghai 2016-04-07 11:06:06 UTC 
Verified with sat6 beta snap6.2

The bz description contains issues at two places:

1) "provision dropdown" on discovered_host page
2) "delete" and "Select action" dropdown on facts page


I can see see 'delete' and 'select action' dropdown on facts page with a normal user who has 'discovery_reader' role assigned.
Comment 8 Sachin Ghai 2016-04-07 11:07:23 UTC 
Created attachment 1144681 [details]
'delete' and select_action dropdown still visible to user assigned with 'disocvery_reader' role
Comment 9 Lukas Zapletal 2016-04-07 13:51:58 UTC 
Sachin, I can only see the dropdown on the Discovered Host detail page: Select action -> Provision...Reboot.

I don't see others in the code, can you provide screenshots of what you found?
Comment 10 Bryan Kearney 2016-04-07 14:01:05 UTC 
Upstream bug component is Discovery Plugin
Comment 11 Sachin Ghai 2016-04-09 10:16:45 UTC 
@Lzap: screenshot in comment8 clearly shows 'Delete' and 'Select action' dropdown.
Comment 13 Lukas Zapletal 2016-05-09 14:32:49 UTC 
Merged upstream as https://github.com/theforeman/foreman_discovery/pull/266/files

Please try to apply the patch and if it fails (which I assume) simply move this bug to 6.3. This is not worth the effort in backporting, there have been big refactoring in upstream in the meantime.
Comment 15 Bryan Kearney 2017-08-01 20:01:44 UTC 
The fix to this bug will be delivered with release 6.3 of Satellite.