Bug 678551 - JSP hq:authorization tag incorrectly determines authz in resources related JSP pages
JSP hq:authorization tag incorrectly determines authz in resources related JS...
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.0.0
All All
low Severity high (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
Corey Welton
:
Depends On: 678349
Blocks: jon30-bugs
  Show dependency treegraph
 
Reported: 2011-02-18 06:47 EST by Lukas Krejci
Modified: 2011-05-23 21:14 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 678349
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lukas Krejci 2011-02-18 06:47:54 EST
I'm changing the priority of this bug to low since we have a new GWT based UI for alerts in RHQ 4 (and alert defs were the original UI this was discovered in).

But because we are going to have some remnants of the Struts UI in RHQ 4, let's make sure this is fixed in master as well just in case there were some yet undiscovered areas in the UI that were affected by this.

+++ This bug was initially created as a clone of Bug #678349 +++

A user with a role that should allow the creation of an alert on a resource is unable to save/create an alert definition. When a user with the proper role attempts to create an alert definition for a resource, the OK button (and Reset button) are not rendered on the Alert Definition page in the UI (http://localhost:7080/alerts/Config.do?id=10003&mode=new&conversationId=165)

This prevents a user with valid permissions from creating or modifying an alert. When attempting to modify an existing alert, the Edit button is not rendered.



1. Create a Role with the following permissions:
Global Permissions - None
Resource Permissions - Authorized for Modify, Delete and Create Children
Subsystem Permissions - Write on All and Read/Write on Configure

2. Assign a User 
3. Assign a Resource Group
4. Login as the above user and try to create an Alert on one of the Resources
5. The OK button is not there.


If there is an existing alert definition for a resource which the user has access to, click on the Alert Definition and the Edit button is missing from the Alert Properties, Condition Set, and Notifications Actions sections.
Comment 1 Lukas Krejci 2011-02-18 07:04:29 EST
commit 3c32f3404771987a7c40548a71408190ca044867
Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Fri Feb 18 13:01:56 2011 +0100

    BZ 678551 - fixing the authz logic in the hq:authorization JSP tag.
Comment 2 Mike Foley 2011-05-04 10:04:29 EDT
verified RHQ4.0 community release, by following the steps to repro.
Comment 3 Corey Welton 2011-05-23 21:14:40 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 4 Corey Welton 2011-05-23 21:14:40 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 5 Corey Welton 2011-05-23 21:14:41 EDT
Bookkeeping - closing bug - fixed in recent release.

Note You need to log in before you can comment on or make changes to this bug.