560760 – JON GUI flow allows users without alert creation permissions to navigate to the "New Alert" page

Bug 560760 - JON GUI flow allows users without alert creation permissions to navigate to the "New Alert" page

Summary: JON GUI flow allows users without alert creation permissions to navigate to t...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core UI
Sub Component:
Version:	1.3
Hardware:	All
OS:	All
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	John Mazzitelli
QA Contact:	Mike Foley
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	rhq_triage rhq4
TreeView+	depends on / blocked

Reported:	2010-02-01 19:16 UTC by Mark Burchard
Modified:	2018-10-27 16:14 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-03 16:59:03 UTC
Embargoed:

Attachments	(Terms of Use)

Description Mark Burchard 2010-02-01 19:16:40 UTC

Description of problem:

(from ticket filed by user)

"I see if a user who has no 'Global Permissions', he can't define an alert. But eventhoug if this user open the tab 'Alert' the button 'New Definition' is aktiv. The user might think he can define an alert. But he click this button an enter to the edit page, he can't find any button of 'OK' etc. That means, in the fact this user can not create an alert.

My question: Why not deactiv the button 'New Definition' and the other? This will cause confussion to the user without global permissions."


(response by ccrouch)

Fixing this would be part of a much broader effort to change the UI to be uniformly proactive (JON greys out things you can't do) versus reactive (you try to do something and JON tells you that you can't)

Comment 1 Mark Burchard 2010-02-01 19:44:55 UTC

I have asked the customer to provide the exact Role permissions for this user, so that I can try and reproduce this.

Comment 2 wes hayutin 2010-02-16 16:53:40 UTC

Temporarily adding the keyword "SubBug" so we can be sure we have accounted for all the bugs.

keyword:
new = Tracking + FutureFeature + SubBug

Comment 3 wes hayutin 2010-02-16 16:58:54 UTC

making sure we're not missing any bugs in rhq_triage

Comment 5 Corey Welton 2010-09-13 20:18:40 UTC

mazz, let's make sure this works.

Comment 6 John Mazzitelli 2011-03-21 18:35:50 UTC

this still exists, but in a different way.

go to the Alert Definitions subtab and the New button is disabled. however, for those alert definitions that already exist, I can double click to view them (which is still OK) however, the "edit" button is enabled. I can click it and attempt to save. I do get a permissions error, but that comes from server side. We should disable the edit button if the user cannot edit an existing def

Comment 7 John Mazzitelli 2011-03-21 19:05:00 UTC

commit ab15b97

if you have a user that is not allowed to edit alerts, they can not create new alert defs or edit existing defs.

Comment 8 Sunil Kondkar 2011-06-14 12:10:01 UTC

Verified on build#123 (Version: 4.1.0-SNAPSHOT Build Number: a6d2d56)

Created a group of resources having alerts defined and created a user. Created a role without edit alerts and assigned the resource group and the user to the role.

Verified that the user without edit alerts can not create new alert definitions or edit existing definitions. The buttons New/Edit are disabled.

Marking as verified.

Comment 9 Heiko W. Rupp 2013-09-03 16:59:03 UTC

Bulk closing of old issues that are in VERIFIED state.

Note You need to log in before you can comment on or make changes to this bug.