Created attachment 1413096 [details] add_repository Description of problem: Add repository, Create service item: not available for restricted user Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Enable embedded ansible 2. Create a restricted user(restriction with tag) 3. navigate to Ansible-> Repository 4. Add new repository Actual results: Embedded Ansible Provider not found. Expected results: A user should be able to add a repository Additional info: The same for Creating service item, Ansible playbook disabled for the restricted user, even if the repository is already added and available for user
Not a regression - Confirmed by the reporter
Hi, I have few questions because I'm not able to recreate. Restricted user should be allowed only to items with specific tags? Has embedded Ansible provider a tag that is allowed for restricted user? How do you set tags to Embedded Ansible provider? Thanks, Zita
Hi Zita, 1. Restricted user should be allowed only to items with specific tags? yes Has embedded Ansible provider a tag that is allowed for restricted user? No, tag is not set, but user can do all actions regarding group role features is all How do you set tags to Embedded Ansible provider? Only using api
Hi, I still have problems reproducing. Could you please give me an appliance where I could try it out? Thanks, Zita
https://github.com/ManageIQ/manageiq-ui-classic/pull/4214
Hi Zita, I think if user role allows adding repository, for the restricted user, the user should have the ability to do so, even if the provider is restricted. As an example restricted user can add host/node for infra provider(restricted)
New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/0e836f5543ec83d72ba3ed7f3ad9fad2d23009fb commit 0e836f5543ec83d72ba3ed7f3ad9fad2d23009fb Author: Zita Nemeckova <znemecko> AuthorDate: Tue Jun 26 09:30:08 2018 -0400 Commit: Zita Nemeckova <znemecko> CommitDate: Tue Jun 26 09:30:08 2018 -0400 Don't allow user to create a repository if he has no rights to Embedded Ansible Provider Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1560535 app/helpers/application_helper/button/embedded_ansible.rb | 2 + 1 file changed, 2 insertions(+)
Hi Ruslana, in the end I had to forbid restricted user from creating a repository because API wouldn't allow it. There was no way around it. Could you create a separate BZ for Service Item scenario as it's not directly related to Repository one? And assign it to me. Thanks, Zita
Hi Zita, I've created a new issue for service item 1597221, as you requested Thanks
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:0212