Bug 738333 - a user without permissions to view server settings is presented with a client-side callstack
Alias: None
Product: RHQ Project
Classification: Other
Component: Core UI
Version: 4.1
Hardware: Unspecified
OS: Unspecified
medium vote
Target Milestone: ---
Assignee: RHQ Project Maintainer
QA Contact: Mike Foley
Depends On:
Blocks: jon30-bugs rhq42
Reported: 2011-09-14 15:01 UTC by Mike Foley
Modified: 2012-02-07 19:26 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-02-07 19:26:28 UTC

Attachments
server log (542.32 KB, application/octet-stream)
2011-09-14 15:01 UTC, Mike Foley

Description Mike Foley 2011-09-14 15:01:34 UTC
Created attachment 523173
server log

Description of problem: A user without permissions to view server settings is presented with a client-side callstack instead of a more pleasing and informative client-side message.

Version-Release number of selected component (if applicable):
RHQ 4.1 09/14/2011 daily build

How reproducible:

Steps to Reproduce:
1. Create a role without "manage settings" and assign this role to a user
2. Log in with this user, and click Administration--->System Settings
3. Observe client-side callstack

Actual results:
client-side callstack

Expected results:
informative message indicating that permissions do not allow this

Additional info:
Message: Cannot obtain the current system settings
Severity:
Time: Wednesday, September 14, 2011 10:54:54 AM Etc/GMT+4
Detail:
com.google.gwt.user.client.rpc.StatusCodeException:The call failed on the server; see server log for details
The call failed on the server; see server log for details
    at Unknown.java_lang_Throwable_fillInStackTrace__Ljava_lang_Throwable_2(Unknown source:0)
    at Unknown.com_google_gwt_user_client_rpc_StatusCodeException_$StatusCodeException__Lcom_google_gwt_user_client_rpc_StatusCodeException_2ILjava_lang_String_2Lcom_google_gwt_user_client_rpc_StatusCodeException_2(Unknown source:0)
    at Unknown.com_google_gwt_user_client_rpc_impl_RequestCallbackAdapter_$onResponseReceived__Lcom_google_gwt_user_client_rpc_impl_RequestCallbackAdapter_2Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_Response_2V(Unknown source:0)
    at Unknown.org_rhq_enterprise_gui_coregui_client_util_rpc_TrackingRequestCallback_onResponseReceived__Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_Response_2V(Unknown source:0)
    at Unknown.com_google_gwt_http_client_Request_$fireOnResponseReceived__Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_RequestCallback_2V(Unknown source:0)
    at Unknown.com_google_gwt_http_client_RequestBuilder$1_onReadyStateChange__Lcom_google_gwt_xhr_client_XMLHttpRequest_2V(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)
    at Unknown.com_google_gwt_core_client_impl_Impl_entry0__Ljava_lang_Object_2Ljava_lang_Object_2Ljava_lang_Object_2Ljava_lang_Object_2(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)
    at Unknown.handleEvent(Unknown source:0)
    at Unknown.SJOWContentBoundary(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)

Comment 1 Heiko W. Rupp 2011-09-30 14:25:02 UTC
Can you please retry? For me, when the user does not have MANAGE_SETTINGS, the settings item on the admin page is greyed out and cannot be selected, so no exception is thrown.

Comment 2 Sunil Kondkar 2011-10-03 11:35:51 UTC
Tried to reproduce on build#456 (Version: 4.1.0-SNAPSHOT Build Number: 702edd7)

Created a role without 'Manage Settings' permission and assigned this role to a user. When logged in as the user without 'Manage Settings' permissions and navigated to Administration--->System Settings, observed that the 'System Settings' item is greyed out and cannot be selected.

Comment 3 Mike Foley 2011-10-03 17:21:57 UTC
I am seeing the same behavior as Heiko and Sunil.

Comment 4 Mike Foley 2012-02-07 19:26:28 UTC
Changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE