Bug 535131 - (RHQ-1859) test resource permission: Modify
Status: CLOSED NEXTRELEASE
Product: RHQ Project
Classification: Other
Component: No Component
Version: unspecified
Hardware: All All
Priority: high, Severity: medium
Assigned To: Simeon Pinder
http://jira.rhq-project.org/browse/RH...
: SubTask
Blocks: RHQ-1848
Reported: 2009-03-26 13:32 EDT by John Mazzitelli
Modified: 2009-11-10 16:22 EST
Fixed In Version: 1.2
Doc Type: Bug Fix
Description John Mazzitelli 2009-03-26 13:32:00 EDT

    
Comment 1 John Mazzitelli 2009-03-26 13:39:24 EDT
test all the UI pages so the Modify permission takes effect.

(I'm actually not sure what this authorizes - need to check the code)
Comment 2 Simeon Pinder 2009-04-03 10:07:00 EDT
1) Created 'Everything' group including all discovered resources (see parent issue for details).
2) Created two additional user accounts: i) u:none with no role perms and member of 'Everything' group; ii) u:modify w/ 'modify' perms and member of 'Everything'.
3) Logged into the app from three separate browsers (FF x2 & IE) with three separate accounts.

Following results obtained while viewing/testing "Logged in -> Resources -> Servers -> PostGres[postgres] -> Inventory":
#u:none  - details shown but NOT able to edit the inventory name.
#u:modify - details shown and ABLE to edit/change the name of the Postgres instance and successfully persist to JON inventory.
#u:rhqadmin - details shown and ABLE to edit/change the name of the Postgres instance and successfully persist to JON inventory.

Also checked to see if the edit URL could be accessed by the user 'none' and successfully change the value.
Ex. Use http://127.0.0.1:7080/rhq/resource/inventory/edit-general.xhtml?id=505053&conversationId=107

The 'none' user could see the edit page correctly but on submit the commit failed.  Not sure if this is a problem as edit was denied but page is visible.

SUMMARY: with the exception of the edit URL being visible if entered by hand, this is working as expected.
 

Comment 3 Simeon Pinder 2009-04-14 02:36:34 EDT
Added one more level of restricted visibility group testing due to changes in group authorization mechanism.  See parent issue for more detailed description.

In addition to above, also created:
i) Recursive group that included the PostGres server and downward only.
ii) Role that included group from first step and only 'modify' perms selected.
iii) User attached to role.

Works as expected, but exposed links and information about parent hierarchy to root for Postgres incorrectly. All of these invalid links failed with ugly authorization errors and exposed stack traces.

Jira for issue discovered: http://jira.rhq-project.org/browse/RHQ-1962    
Comment 4 Simeon Pinder 2009-04-14 03:18:32 EDT
Working as expected. One bug discovered. See issue details.
Comment 5 Red Hat Bugzilla 2009-11-10 15:48:16 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-1859
