Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 1227811 - Service request cannot be deleted with nonadmin user, even if the permissions are ok
Service request cannot be deleted with nonadmin user, even if the permissions...
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
5.4.0
Unspecified Unspecified
high Severity high
: GA
: 5.5.0
Assigned To: Harpreet Kataria
Jeff Teehan
:
Depends On:
Blocks: 1234935
  Show dependency treegraph
 
Reported: 2015-06-03 10:23 EDT by Eduardo Minguez
Modified: 2015-12-08 08:15 EST (History)
7 users (show)

See Also:
Fixed In Version: 5.5.0.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1234935 (view as bug list)
Environment:
Last Closed: 2015-12-08 08:15:42 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
service request delete button not found (66.50 KB, image/png)
2015-06-03 10:23 EDT, Eduardo Minguez
no flags Details
user details (73.01 KB, image/png)
2015-06-03 10:23 EDT, Eduardo Minguez
no flags Details
user details (23.88 KB, image/png)
2015-06-03 10:23 EDT, Eduardo Minguez
no flags Details
Delete button as admin in pending request (78.51 KB, image/png)
2015-06-08 03:18 EDT, Eduardo Minguez
no flags Details
Delete button missing as onlyrequests in pending request (71.99 KB, image/png)
2015-06-08 03:18 EDT, Eduardo Minguez
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2551 normal SHIPPED_LIVE Moderate: CFME 5.5.0 bug fixes and enhancement update 2015-12-08 12:58:09 EST

  None (edit)
Description Eduardo Minguez 2015-06-03 10:23:09 EDT
Created attachment 1034354 [details]
service request delete button not found

Description of problem:
User with service request delete permissions, cannot delete service requests.

Version-Release number of selected component (if applicable):
3.2 BETA

How reproducible:
Create a service request, and try to remove it with a user with enough privileges to do it.

Steps to Reproduce:
1. Create a user with service request deleting privileges
2. Create a service request
3. Try to delete it

Actual results:
No delete button is shown

Expected results:
Delete button is shown, and if you press it, the request is deleted

Additional info:
Screenshots attached
Comment 1 Eduardo Minguez 2015-06-03 10:23:31 EDT
Created attachment 1034355 [details]
user details
Comment 2 Eduardo Minguez 2015-06-03 10:23:47 EDT
Created attachment 1034356 [details]
user details
Comment 5 Eduardo Minguez 2015-06-08 03:17:40 EDT
Check the attached screenshots.

When logged as admin, the request can be deleted, when logged as "onlyrequests", it cannot.

Thanks.
Comment 6 Eduardo Minguez 2015-06-08 03:18:17 EDT
Created attachment 1036140 [details]
Delete button as admin in pending request
Comment 7 Eduardo Minguez 2015-06-08 03:18:42 EDT
Created attachment 1036141 [details]
Delete button missing as onlyrequests in pending request
Comment 9 Eduardo Minguez 2015-06-09 02:37:42 EDT
Actually, the request wasn't created by that user, and it is pending. But then, what will be the point of only allow users to delete their own provision requests?
I think users with enough permissions should be capable of deleting provision requests if needed.
Comment 11 CFME Bot 2015-06-22 18:02:22 EDT
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/d5fce031bf6ddfc53cd93f4a92ef3e195c90130a

commit d5fce031bf6ddfc53cd93f4a92ef3e195c90130a
Author:     Harpreet Kataria <hkataria@redhat.com>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria@redhat.com>
CommitDate: Mon Jun 22 09:11:42 2015 -0400

    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
Comment 12 CFME Bot 2015-06-29 13:40:56 EDT
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=72b94a4d341c909151262bace9df907dea3ca887

commit 72b94a4d341c909151262bace9df907dea3ca887
Author:     Harpreet Kataria <hkataria@redhat.com>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria@redhat.com>
CommitDate: Tue Jun 23 10:22:53 2015 -0400

    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)
    https://bugzilla.redhat.com/show_bug.cgi?id=1234935

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
Comment 13 CFME Bot 2015-06-29 13:41:03 EDT
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=9b3a4716ea374e63c143c94279c07128e7774442

commit 9b3a4716ea374e63c143c94279c07128e7774442
Merge: 36efb1c 72b94a4
Author:     Dan Clarizio <dclarizi@redhat.com>
AuthorDate: Mon Jun 29 13:40:00 2015 -0400
Commit:     Dan Clarizio <dclarizi@redhat.com>
CommitDate: Mon Jun 29 13:40:00 2015 -0400

    Merge branch '54z_bz_1234935' into '5.4.z'
    
    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)
    https://bugzilla.redhat.com/show_bug.cgi?id=1234935
    
    PR: https://github.com/ManageIQ/manageiq/pull/3138
    @dclarizio please review, this is a clean cherry-pick
    
    See merge request !142

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
Comment 14 Jeff Teehan 2015-10-07 13:11:41 EDT
Create a simple user named "Jeff" in group Evm:User on 5.5.0.3 (https://10.8.58.233/ops/explorer) and logged in as that user.

Next, I created a VM provision request.  I clicked on the request, clicked the delete button, and it was deleted.

Moving to Verified as the expected result was accomplished.
Comment 16 errata-xmlrpc 2015-12-08 08:15:42 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551

Note You need to log in before you can comment on or make changes to this bug.