Description of problem: The UserRole has Basic Operations->Change CD permissions by default. But in the VM Portal to change the CD the user must click in 'Edit' and this is disabled for the UserRole as it does not have permissions to edit the VM. Version-Release number of selected component (if applicable): - Customer in 4.2 (secure env) - Reproduced with upstream 4.3.0-0.3.alpha2.20181205141057.el7 How reproducible: 100% Steps to Reproduce: 1. Login to VM Portal with UserRole to a VM 2. Try to Change CD Actual results: Edit button is grayed out Expected results: Edit button is available to change CD, or change CD from somewhere else within the UI.
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Found non-acked flags: '{'rhevm-4.3-ga': '?'}', ] For more info please contact: rhv-devops: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Found non-acked flags: '{'rhevm-4.3-ga': '?'}', ] For more info please contact: rhv-devops
User with UserRole or role with permit 'Change CD' on the running VM can't still change CD. See attachment. engine log contains: 2019-01-29 09:31:08,832+01 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-58) [4e1a663a-ef9e-4a21-999c-139989bb53ef] Query execution failed due to insufficient permissions. 2019-01-29 09:31:08,834+01 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default task-58) [] Operation Failed: query execution failed due to insufficient permissions. when going to VM detail. browser console shows "permits":["edit_profile","login","change_vm_cd"] in UPDATE_VMS tested in ovirt-web-ui-1.5.0-1.el7ev.noarch with ovirt-engine-4.3.0-0.8.rc2.el7.noarch
Created attachment 1524486 [details] VM detail
Here is a link to the design document that features a couple different design options. I'm partial to the third option in the doc. https://docs.google.com/document/d/1bDfsIf9UPuEJyxwTmoPs4iAZ6bQ2kd-Kv6TbHCeisxk/edit?usp=sharing
Update the Details card so "normal" users can edit the CD. I needed to update the "editVm" saga as well to support only changing the current CD. All other change CD operations requires edit VM permissions. PR: https://github.com/oVirt/ovirt-web-ui/pull/952
INFO: Bug status (ON_QA) wasn't changed but the folowing should be fixed: [No relevant external trackers attached] For more info please contact: rhv-devops
Verified on ovirt-engine-4.3.1.1-0.1.el7.noarch. Verified by following the reproducer.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2019:1085
sync2jira