Red Hat Bugzilla – Bug 678551
JSP hq:authorization tag incorrectly determines authz in resources related JSP pages
Last modified: 2011-05-23 21:14:41 EDT
I'm changing the priority of this bug to low since we have a new GWT based UI for alerts in RHQ 4 (and alert defs were the original UI this was discovered in).
But because we are going to have some remnants of the Struts UI in RHQ 4, let's make sure this is fixed in master as well just in case there were some yet undiscovered areas in the UI that were affected by this.
+++ This bug was initially created as a clone of Bug #678349 +++
A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165)
This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered.
1. Create a Role with the following permissions:
Global Permissions - None
Resource Permissions - Authorized for Modify, Delete and Create Children
Subsystem Permissions - Write on All and Read/Write on Configure
2. Assign a User
3. Assign a Resource Group
4. Login as the above user and try to create an Alert on one of the Resources
5. The OK button is not there.
If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
Author: Lukas Krejci <email@example.com>
Date: Fri Feb 18 13:01:56 2011 +0100
BZ 678551 - fixing the authz logic in the hq:authorization JSP tag.
verified RHQ4.0 community release, by following the steps to repro.
Bookkeeping - closing bug - fixed in recent release.