Bug 1227811 - Service request cannot be deleted with nonadmin user, even if the permissions are ok
Summary: Service request cannot be deleted with nonadmin user, even if the permissions...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.4.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.5.0
Assignee: Harpreet Kataria
QA Contact: Jeff Teehan
URL:
Whiteboard:
Depends On:
Blocks: 1234935
TreeView+ depends on / blocked
 
Reported: 2015-06-03 14:23 UTC by Eduardo Minguez
Modified: 2015-12-08 13:15 UTC (History)
7 users (show)

Fixed In Version: 5.5.0.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1234935 (view as bug list)
Environment:
Last Closed: 2015-12-08 13:15:42 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
service request delete button not found (66.50 KB, image/png)
2015-06-03 14:23 UTC, Eduardo Minguez
no flags Details
user details (73.01 KB, image/png)
2015-06-03 14:23 UTC, Eduardo Minguez
no flags Details
user details (23.88 KB, image/png)
2015-06-03 14:23 UTC, Eduardo Minguez
no flags Details
Delete button as admin in pending request (78.51 KB, image/png)
2015-06-08 07:18 UTC, Eduardo Minguez
no flags Details
Delete button missing as onlyrequests in pending request (71.99 KB, image/png)
2015-06-08 07:18 UTC, Eduardo Minguez
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2551 0 normal SHIPPED_LIVE Moderate: CFME 5.5.0 bug fixes and enhancement update 2015-12-08 17:58:09 UTC

Description Eduardo Minguez 2015-06-03 14:23:09 UTC
Created attachment 1034354 [details]
service request delete button not found

Description of problem:
User with service request delete permissions, cannot delete service requests.

Version-Release number of selected component (if applicable):
3.2 BETA

How reproducible:
Create a service request, and try to remove it with a user with enough privileges to do it.

Steps to Reproduce:
1. Create a user with service request deleting privileges
2. Create a service request
3. Try to delete it

Actual results:
No delete button is shown

Expected results:
Delete button is shown, and if you press it, the request is deleted

Additional info:
Screenshots attached

Comment 1 Eduardo Minguez 2015-06-03 14:23:31 UTC
Created attachment 1034355 [details]
user details

Comment 2 Eduardo Minguez 2015-06-03 14:23:47 UTC
Created attachment 1034356 [details]
user details

Comment 5 Eduardo Minguez 2015-06-08 07:17:40 UTC
Check the attached screenshots.

When logged as admin, the request can be deleted, when logged as "onlyrequests", it cannot.

Thanks.

Comment 6 Eduardo Minguez 2015-06-08 07:18:17 UTC
Created attachment 1036140 [details]
Delete button as admin in pending request

Comment 7 Eduardo Minguez 2015-06-08 07:18:42 UTC
Created attachment 1036141 [details]
Delete button missing as onlyrequests in pending request

Comment 9 Eduardo Minguez 2015-06-09 06:37:42 UTC
Actually, the request wasn't created by that user, and it is pending. But then, what will be the point of only allow users to delete their own provision requests?
I think users with enough permissions should be capable of deleting provision requests if needed.

Comment 11 CFME Bot 2015-06-22 22:02:22 UTC
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/d5fce031bf6ddfc53cd93f4a92ef3e195c90130a

commit d5fce031bf6ddfc53cd93f4a92ef3e195c90130a
Author:     Harpreet Kataria <hkataria>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria>
CommitDate: Mon Jun 22 09:11:42 2015 -0400

    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)

Comment 12 CFME Bot 2015-06-29 17:40:56 UTC
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=72b94a4d341c909151262bace9df907dea3ca887

commit 72b94a4d341c909151262bace9df907dea3ca887
Author:     Harpreet Kataria <hkataria>
AuthorDate: Thu Jun 11 15:13:14 2015 -0400
Commit:     Harpreet Kataria <hkataria>
CommitDate: Tue Jun 23 10:22:53 2015 -0400

    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)
    https://bugzilla.redhat.com/show_bug.cgi?id=1234935

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)

Comment 13 CFME Bot 2015-06-29 17:41:03 UTC
New commit detected on cfme/5.4.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=9b3a4716ea374e63c143c94279c07128e7774442

commit 9b3a4716ea374e63c143c94279c07128e7774442
Merge: 36efb1c 72b94a4
Author:     Dan Clarizio <dclarizi>
AuthorDate: Mon Jun 29 13:40:00 2015 -0400
Commit:     Dan Clarizio <dclarizi>
CommitDate: Mon Jun 29 13:40:00 2015 -0400

    Merge branch '54z_bz_1234935' into '5.4.z'
    
    Fixed display of request delete button
    
    - Fixed to show Request delete button if user has access to request delete feature.
    - Added changes to show request delete button admin users all the time
    - Show delete button but disable it if logged in user is not a submitter of the request with appropriate hover over text. Show delete button but disable it for non-admin user if request has already been approved or denied, with appropriate hover text.
    - Changed get_record_cls method to determine class for different types of Requests.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1227811
    (cherry picked from commit d5fce03)
    https://bugzilla.redhat.com/show_bug.cgi?id=1234935
    
    PR: https://github.com/ManageIQ/manageiq/pull/3138
    @dclarizio please review, this is a clean cherry-pick
    
    See merge request !142

 vmdb/app/helpers/application_helper.rb       | 18 +++++---
 vmdb/spec/helpers/application_helper_spec.rb | 69 ++++++++++++++++++++++++++--
 2 files changed, 77 insertions(+), 10 deletions(-)

Comment 14 Jeff Teehan 2015-10-07 17:11:41 UTC
Create a simple user named "Jeff" in group Evm:User on 5.5.0.3 (https://10.8.58.233/ops/explorer) and logged in as that user.

Next, I created a VM provision request.  I clicked on the request, clicked the delete button, and it was deleted.

Moving to Verified as the expected result was accomplished.

Comment 16 errata-xmlrpc 2015-12-08 13:15:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551


Note You need to log in before you can comment on or make changes to this bug.