Bug 678349 - OK button missing from Alert Definition UI even when user has Alert Write Role
OK button missing from Alert Definition UI even when user has Alert Write Role
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
3.0.0
All All
high Severity urgent (vote)
: ---
: ---
Assigned To: Lukas Krejci
Mike Foley
:
Depends On:
Blocks: 678551
  Show dependency treegraph
 
Reported: 2011-02-17 11:38 EST by Larry O'Leary
Modified: 2013-09-02 03:22 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 678551 (view as bug list)
Environment:
JON 2.4.0
Last Closed: 2013-09-02 03:22:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Larry O'Leary 2011-02-17 11:38:23 EST
A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165)

This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered.



1. Create a Role with the following permissions:
Global Permissions - None
Resource Permissions - Authorized for Modify, Delete and Create Children
Subsystem Permissions - Write on All and Read/Write on Configure

2. Assign a User 
3. Assign a Resource Group
4. Login as the above user and try to create an Alert on one of the Resources
5. The OK button is not there.


If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
Comment 1 Lukas Krejci 2011-02-17 12:15:47 EST
This is a bug in the hq:authorization JSP tag which checks for permissions of the current user.

The workaround is to manually modify the URL such that:

http://localhost:7080/alerts/Config.do?id=10003&mode=new

will become

http://localhost:7080/alerts/Config.do?id=10003&groupId=10003mode=new

i.e.

add a groupId parameter to the URL with the same value as the id parameter.
Comment 2 Lukas Krejci 2011-02-17 12:16:31 EST
whoops, the "fixed" URL should have been:

http://localhost:7080/alerts/Config.do?id=10003&groupId=10003&mode=new
Comment 3 Lukas Krejci 2011-02-17 12:27:33 EST
Ok, I was wrong.. The workaround outlined above would cause the user to define a group alert instead of a resource alert.

Not sure what an actually working solution to this should be without code modifications.
Comment 6 Lukas Krejci 2011-03-09 04:56:49 EST
The fix has been pushed to release-3.0.0:

commit 091cf3cc56cde7ab585bb55a14ea1740263b88d7
Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Fri Feb 18 12:27:17 2011 +0100

    BZ 678349 - fixing the authz logic in the hq:authorization JSP tag.
Comment 7 Sunil Kondkar 2011-05-31 05:01:09 EDT
Verified on build101 (Version: 4.1.0-SNAPSHOT Build Number: 712d0e1)

Created a group of jbossAs5 resources, created a role with the mentioned permissions. Assigned a user and the group of jbossAs5 resources to the role.

Logged in as the assigned user and successfully created alert on the jbossAs5 resources and also verified that the assigned user can edit the alert in General Properties, Condition and Notification tabs.

Marking as verified.
Comment 8 Lukas Krejci 2011-05-31 05:27:10 EDT
This is an RHQ 3 bug so I think this still should be tested against a build from release-3.0.1 branch.
Comment 9 Sunil Kondkar 2011-06-21 06:52:16 EDT
Verified by applying the patch 'http://jon01.mw.lab.eng.bos.redhat.com:8042/dist/patches/2.4.0.GA/jon-server-2.4.0.GA-patch4.zip' to the jon240GA build.

After applying the patch, it displays the OK and Reset buttons while creating an alert for the user having alert write role. Also verified that the user can edit the alert definition.

Marking as verified.
Comment 10 Heiko W. Rupp 2013-09-02 03:22:46 EDT
Bulk closing of issues that were VERIFIED, had no target release and where the status changed more than a year ago.

Note You need to log in before you can comment on or make changes to this bug.