Bug 534817 (RHQ-1577) - protect operations views behind authorization
Summary: protect operations views behind authorization
Keywords:
Status: CLOSED NEXTRELEASE
Alias: RHQ-1577
Product: RHQ Project
Classification: Other
Component: Operations
Version: unspecified
Hardware: All
OS: All
medium
medium
Target Milestone: ---
: ---
Assignee: Joseph Marques
QA Contact: Heiko W. Rupp
URL: http://jira.rhq-project.org/browse/RH...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-02-16 04:18 UTC by Joseph Marques
Modified: 2009-03-17 15:43 UTC (History)
0 users

Fixed In Version: 1.2
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Joseph Marques 2009-02-16 04:18:00 UTC 
unless users have the CONTROL permission, prevent them from doing the following:
* scheduling operations
* "execute now" against some operation schedule
* unscheduling operations
* deleting operation history
Comment 1 Joseph Marques 2009-02-16 04:18:59 UTC 
this should be prevented for resources and resource groups
Comment 2 Joseph Marques 2009-02-16 04:40:09 UTC 
rev3074 - only render buttons for resource/group operations if user has appropriate permissions;
Comment 3 Heiko W. Rupp 2009-03-17 15:43:28 UTC 
This works when the user has no control permission *and no* manage-inventory permission.

rev QA-7408 

Why do we still show the OP-icon and tab in that case?
Comment 4 Red Hat Bugzilla 2009-11-10 20:35:58 UTC 
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1577
Note You need to log in before you can comment on or make changes to this bug.