Bug 535131 (RHQ-1859) - test resource permission: Modify
Summary: test resource permission: Modify
Keywords:
Status: CLOSED NEXTRELEASE
Alias: RHQ-1859
Product: RHQ Project
Classification: Other
Component: No Component
Version: unspecified
Hardware: All
OS: All
high
medium
Target Milestone: ---
Assignee: Simeon Pinder
QA Contact:
URL: http://jira.rhq-project.org/browse/RH...
Whiteboard:
Depends On:
Blocks: RHQ-1848
 
Reported: 2009-03-26 17:32 UTC by John Mazzitelli
Modified: 2009-11-10 21:22 UTC (History)
0 users

Fixed In Version: 1.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description John Mazzitelli 2009-03-26 17:32:00 UTC

Comment 1 John Mazzitelli 2009-03-26 17:39:24 UTC
Test all the UI pages so the Modify permission takes effect.

(I'm actually not sure what this authorizes - need to check the code)

Comment 2 Simeon Pinder 2009-04-03 14:07:00 UTC
1) Created 'Everything' group including all discovered resources (see parent issue for details).
2) Created two additional user accounts: i) u:none with no role perms and member of everything group. ii) u:modify w/ 'modify' perms and member of 'Everything'.
3) Logged into the app from three separate browsers (FFx2 & IE) with three separate accounts.

Following results obtained while viewing/testing "Logged in -> Resources -> Servers -> PostGres[postgres] -> Inventory":
#u:none - details shown but NOT able to edit the inventory name.
#u:modify - details shown and ABLE to edit/change the name of the Postgres instance and successfully persist to JON inventory.
#u:rhqadmin - details shown and ABLE to edit/change the name of the Postgres instance and successfully persist to JON inventory.

Also checked to see if the edit url could be accessed from the user 'none' and successfully change the value. 
Ex. Use http://127.0.0.1:7080/rhq/resource/inventory/edit-general.xhtml?id=505053&conversationId=107

The 'none' user could see the edit page correctly, but on submit the commit failed. Not sure if this is a problem, as edit was denied but page is visible.

SUMMARY: with the exception of edit url visible if entered by hand, this is working as expected.
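
The check described in Comment 2, written as a small permission-matrix test. This is an added example, not part of the original bug report and not RHQ code; the class names, handler methods and HTTP-style status codes are hypothetical. It models a handler that guards only the submit, as observed above, next to one that also guards rendering of the edit form, and reports every response that disagrees with the Modify permission.

```python
# Constructed model: all names here are hypothetical, not RHQ classes or APIs.
from dataclasses import dataclass

MODIFY = "modify"

@dataclass
class User:
    name: str
    perms: frozenset = frozenset()
    superuser: bool = False

@dataclass
class Resource:
    name: str

def can_modify(user):
    return user.superuser or MODIFY in user.perms

class SubmitOnlyGuard:
    """Behaviour reported in the comment: form renders for anyone, commit is checked."""
    def get_edit_form(self, user, res):
        return 200
    def post_edit(self, user, res, new_name):
        if not can_modify(user):
            return 403
        res.name = new_name
        return 200

class GuardBoth(SubmitOnlyGuard):
    """Same permission check applied before rendering the edit form as well."""
    def get_edit_form(self, user, res):
        return 200 if can_modify(user) else 403

# The three accounts used in the test run (constructed to mirror the comment).
USERS = [User("none"), User("modify", frozenset({MODIFY})), User("rhqadmin", superuser=True)]

def run_matrix(handler):
    """Return (user, action, observed) rows that disagree with the permission model."""
    findings = []
    for user in USERS:
        res = Resource("postgres")
        expected = 200 if can_modify(user) else 403
        observed = (("GET edit form", handler.get_edit_form(user, res)),
                    ("POST edit", handler.post_edit(user, res, "renamed")))
        findings += [(user.name, a, s) for a, s in observed if s != expected]
        # A denied user must never have changed the stored name.
        if expected == 403 and res.name != "postgres":
            findings.append((user.name, "state changed", res.name))
    return findings
```
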
 



Comment 3 Simeon Pinder 2009-04-14 06:36:34 UTC
Added one more level of restricted visibility group testing due to changes in group authorization mechanism.  See parent issue for more detailed description.

In addition to above, also created:
i) Recursive group that included the PostGres server and downward only.
ii) Role that included group from first step and only 'modify' perms selected.
iii) User attached to role.

Works as expected, but exposed links and information about parent hierarchy to root for Postgres incorrectly. All of these invalid links failed with ugly authorization errors and exposed stack traces.

Jira for issue discovered: http://jira.rhq-project.org/browse/RHQ-1962    

Comment 4 Simeon Pinder 2009-04-14 07:18:32 UTC
Working as expected. One bug discovered. See issue details.

Comment 5 Red Hat Bugzilla 2009-11-10 20:48:16 UTC
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1859


