A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165) This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered. 1. Create a Role with the following permissions: Global Permissions - None Resource Permissions - Authorized for Modify, Delete and Create Children Subsystem Permissions - Write on All and Read/Write on Configure 2. Assign a User 3. Assign a Resource Group 4. Login as the above user and try to create an Alert on one of the Resources 5. The OK button is not there. If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
This is a bug in the hq:authorization JSP tag which checks for permissions of the current user. The workaround is to manually modify the URL such that: http://localhost:7080/alerts/Config.do?id=10003&mode=new will become http://localhost:7080/alerts/Config.do?id=10003&groupId=10003mode=new i.e. add a groupId parameter to the URL with the same value as the id parameter.
whoops, the "fixed" URL should have been: http://localhost:7080/alerts/Config.do?id=10003&groupId=10003&mode=new
Ok, I was wrong.. The workaround outlined above would cause the user to define a group alert instead of a resource alert. Not sure what an actually working solution to this should be without code modifications.
The fix has been pushed to release-3.0.0: commit 091cf3cc56cde7ab585bb55a14ea1740263b88d7 Author: Lukas Krejci <lkrejci> Date: Fri Feb 18 12:27:17 2011 +0100 BZ 678349 - fixing the authz logic in the hq:authorization JSP tag.
Verified on build101 (Version: 4.1.0-SNAPSHOT Build Number: 712d0e1) Created a group of jbossAs5 resources, created a role with the mentioned permissions. Assigned a user and the group of jbossAs5 resources to the role. Logged in as the assigned user and successfully created alert on the jbossAs5 resources and also verified that the assigned user can edit the alert in General Properties, Condition and Notification tabs. Marking as verified.
This is an RHQ 3 bug so I think this still should be tested against a build from release-3.0.1 branch.
Verified by applying the patch 'http://jon01.mw.lab.eng.bos.redhat.com:8042/dist/patches/2.4.0.GA/jon-server-2.4.0.GA-patch4.zip' to the jon240GA build. After applying the patch, it displays the OK and Reset buttons while creating an alert for the user having alert write role. Also verified that the user can edit the alert definition. Marking as verified.
Bulk closing of issues that were VERIFIED, had no target release and where the status changed more than a year ago.