Red Hat Bugzilla – Bug 1227811
Service request cannot be deleted with nonadmin user, even if the permissions are ok
Last modified: 2015-12-08 08:15:42 EST
Created attachment 1034354 [details]
service request delete button not found

Description of problem:
User with service request delete permissions cannot delete service requests.

Version-Release number of selected component (if applicable):
3.2 BETA

How reproducible:
Create a service request, and try to remove it with a user with enough privileges to do it.

Steps to Reproduce:
1. Create a user with service request deleting privileges
2. Create a service request
3. Try to delete it

Actual results:
No delete button is shown

Expected results:
Delete button is shown, and if you press it, the request is deleted

Additional info:
Screenshots attached
Created attachment 1034355 [details] user details
Created attachment 1034356 [details] user details
Check the attached screenshots. When logged in as admin, the request can be deleted; when logged in as "onlyrequests", it cannot. Thanks.
Created attachment 1036140 [details] Delete button as admin in pending request
Created attachment 1036141 [details] Delete button missing as onlyrequests in pending request
Actually, the request wasn't created by that user, and it is pending. But then, what will be the point of only allowing users to delete their own provision requests? I think users with enough permissions should be capable of deleting provision requests if needed.
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/d5fce031bf6ddfc53cd93f4a92ef3e195c90130a

commit d5fce031bf6ddfc53cd93f4a92ef3e195c90130a
Author:     Harpreet Kataria <hkataria@redhat.com>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria@redhat.com>
CommitDate: Mon Jun 22 09:11:42 2015 -0400

    Fixed display of request delete button

    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.

    https://bugzilla.redhat.com/show_bug.cgi?id=1227811

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=72b94a4d341c909151262bace9df907dea3ca887

commit 72b94a4d341c909151262bace9df907dea3ca887
Author:     Harpreet Kataria <hkataria@redhat.com>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria@redhat.com>
CommitDate: Tue Jun 23 10:22:53 2015 -0400

    Fixed display of request delete button

    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.

    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)

    https://bugzilla.redhat.com/show_bug.cgi?id=1234935

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=9b3a4716ea374e63c143c94279c07128e7774442

commit 9b3a4716ea374e63c143c94279c07128e7774442
Merge: 36efb1c 72b94a4
Author:     Dan Clarizio <dclarizi@redhat.com>
AuthorDate: Mon Jun 29 13:40:00 2015 -0400
Commit:     Dan Clarizio <dclarizi@redhat.com>
CommitDate: Mon Jun 29 13:40:00 2015 -0400

    Merge branch '54z_bz_1234935' into '5.4.z'

    Fixed display of request delete button

    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.

    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)

    https://bugzilla.redhat.com/show_bug.cgi?id=1234935

    PR: https://github.com/ManageIQ/manageiq/pull/3138

    @dclarizio please review, this is a clean cherry-pick

    See merge request !142

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)
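
The button rules listed in the commit message above, written out as one policy function that both the toolbar and the delete action consult. This is an added example, not ManageIQ's code: the struct names, the feature identifier, the state values and the hover texts are constructed, and evaluating the admin rule first is an assumption about rule order.

```ruby
# Added illustration; all names here are hypothetical and do not come
# from vmdb/app/helpers/application_helper.rb.
User    = Struct.new(:name, :admin, :features)
Request = Struct.new(:id, :submitter, :approval_state)

DELETE_FEATURE = "request_delete" # hypothetical feature identifier

class DeleteRefused < StandardError; end

# One policy for both the view and the action.
# Returns [state, reason]; state is :enabled, :disabled or :hidden.
def delete_decision(user, request)
  # Assumption: admins get an enabled button regardless of the other rules.
  return [:enabled, nil] if user.admin
  unless user.features.include?(DELETE_FEATURE)
    return [:hidden, "no access to the request delete feature"]
  end
  unless request.submitter == user.name
    return [:disabled, "only the submitter can delete this request"]
  end
  if %w[approved denied].include?(request.approval_state)
    return [:disabled, "request has already been #{request.approval_state}"]
  end
  [:enabled, nil]
end

# View side: nil means the button is not rendered; otherwise the hash
# carries the enabled flag and the hover text for a disabled button.
def delete_button(user, request)
  state, reason = delete_decision(user, request)
  return nil if state == :hidden
  { enabled: state == :enabled, title: reason }
end

# Action side: re-check the same policy before deleting, because a
# hidden or disabled button does not stop a request that is sent to
# the server without going through the toolbar.
def delete_request!(user, request, store)
  state, reason = delete_decision(user, request)
  raise DeleteRefused, "delete refused: #{reason}" unless state == :enabled
  store.delete(request.id)
end
```
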
Created a simple user named "Jeff" in group Evm:User on 5.5.0.3 (https://10.8.58.233/ops/explorer) and logged in as that user. Next, I created a VM provision request. I clicked on the request, clicked the delete button, and it was deleted. Moving to Verified as the expected result was accomplished.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551