Description of problem: When using a custom group copied from the EVMGROUP-Operator, A user with this role has the ability to edit tags when navigated to datastores via Compute > Infrastructure > Datastores. However if the user navigates to datastores through Compute > Infrastructure > Provider > --provider-- > Datastores, the error 'The user is not authorized for this task or item. [ems_infra/tagging_edit]' is given when tags are attempted to be edited. Version-Release number of selected component (if applicable): 5.9.3 How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Would expect to see these two methods of getting to datastores would have the same privilege. Additional info:
I recreated this by creating a copy of the operator role, creating a group with this role, and a user within this group. I then login as admin, add a provider with a datastore via refresh. Then, login as the new user. The policy toolbar is available and edit tags is available from Compute > Infrastructure > Datastores But not from Compute > Infrastructure > Provider > --provider-- > Datastores I believe both places should be checking for the product feature identifier: storage_tag but are not. Reassigning for UI review.
https://github.com/ManageIQ/manageiq-ui-classic/pull/4699
https://github.com/ManageIQ/manageiq-ui-classic/pull/4843
New commit detected on ManageIQ/manageiq-ui-classic/master: https://github.com/ManageIQ/manageiq-ui-classic/commit/b51408ef9500397e655055dd57891fc4d750cc52 commit b51408ef9500397e655055dd57891fc4d750cc52 Author: Harpreet Kataria <hkataria> AuthorDate: Fri Oct 26 13:14:50 2018 -0400 Commit: Harpreet Kataria <hkataria> CommitDate: Fri Oct 26 13:14:50 2018 -0400 Fixed feature id when checking assert_privileges. Code was checking for feature id as ems_infra_tag when trying to tag selected storages thru Provider relationship screen. This was causing an issue when user did not have access to ems_infra_tag feature but had access to storage_tag feature. Fixed code to check if `@display` is set to use that when setting feature id to check for. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1610957 app/controllers/application_controller/tags.rb | 2 +- spec/controllers/application_controller/tags_spec.rb | 17 + 2 files changed, 18 insertions(+), 1 deletion(-)
New commit detected on ManageIQ/manageiq-ui-classic/hammer: https://github.com/ManageIQ/manageiq-ui-classic/commit/3c8848c9b1d032b588b9e5968f1e7db23aca978d commit 3c8848c9b1d032b588b9e5968f1e7db23aca978d Author: Milan Zázrivec <mzazrivec> AuthorDate: Mon Oct 29 06:11:12 2018 -0400 Commit: Milan Zázrivec <mzazrivec> CommitDate: Mon Oct 29 06:11:12 2018 -0400 Merge pull request #4843 from h-kataria/fix_tagging_feature_id_check_for_relationship_screens Fixed feature id when checking assert_privileges. (cherry picked from commit 06036a2dffa377441642ab4bf8c13a0e33ffea34) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1610957 app/controllers/application_controller/tags.rb | 2 +- spec/controllers/application_controller/tags_spec.rb | 17 + 2 files changed, 18 insertions(+), 1 deletion(-)
Fixed and verified in 5.10.0.25.20181120211723_d2fd659 Tag edit work for user in EVMGROUP-Operator both via "Compute > Infrastructure > Datastores" and "Compute > Infrastructure > Provider > --provider-- > Datastores"