Bug 738333 - a user without permissions to view server settings is presented with a client-side callstack
Product: RHQ Project
Classification: Other
Component: Core UI
Priority: medium
Severity: medium
Assigned To: RHQ Project Maintainer
Mike Foley
Blocks: jon30-bugs rhq42
Reported: 2011-09-14 11:01 EDT by Mike Foley
Modified: 2012-02-07 14:26 EST
Doc Type: Bug Fix
Last Closed: 2012-02-07 14:26:28 EST

Attachments:
server log (542.32 KB, application/octet-stream), 2011-09-14 11:01 EDT, Mike Foley

Description Mike Foley 2011-09-14 11:01:34 EDT
Created attachment 523173
server log

Description of problem:  a user without permissions to view server settings is presented with a client-side callstack instead of a more pleasing and informative client-side message.

Version-Release number of selected component (if applicable):
RHQ 4.1 09/14/2011 daily build

How reproducible:

Steps to Reproduce:
1.  create a role without "manage settings" and assign this role to a user
2.  login with this user, and click Administration--->System Settings
3.  observe client-side callstack
Actual results:
client-side callstack

Expected results:
informative message indicating that permissions do not allow this

Additional info:
Message: Cannot obtain the current system settings
Severity:
Time: Wednesday, September 14, 2011 10:54:54 AM Etc/GMT+4
Detail:
com.google.gwt.user.client.rpc.StatusCodeException:The call failed on the server; see server log for details
The call failed on the server; see server log for details
    at Unknown.java_lang_Throwable_fillInStackTrace__Ljava_lang_Throwable_2(Unknown source:0)
    at Unknown.com_google_gwt_user_client_rpc_StatusCodeException_$StatusCodeException__Lcom_google_gwt_user_client_rpc_StatusCodeException_2ILjava_lang_String_2Lcom_google_gwt_user_client_rpc_StatusCodeException_2(Unknown source:0)
    at Unknown.com_google_gwt_user_client_rpc_impl_RequestCallbackAdapter_$onResponseReceived__Lcom_google_gwt_user_client_rpc_impl_RequestCallbackAdapter_2Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_Response_2V(Unknown source:0)
    at Unknown.org_rhq_enterprise_gui_coregui_client_util_rpc_TrackingRequestCallback_onResponseReceived__Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_Response_2V(Unknown source:0)
    at Unknown.com_google_gwt_http_client_Request_$fireOnResponseReceived__Lcom_google_gwt_http_client_Request_2Lcom_google_gwt_http_client_RequestCallback_2V(Unknown source:0)
    at Unknown.com_google_gwt_http_client_RequestBuilder$1_onReadyStateChange__Lcom_google_gwt_xhr_client_XMLHttpRequest_2V(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)
    at Unknown.com_google_gwt_core_client_impl_Impl_entry0__Ljava_lang_Object_2Ljava_lang_Object_2Ljava_lang_Object_2Ljava_lang_Object_2(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)
    at Unknown.handleEvent(Unknown source:0)
    at Unknown.SJOWContentBoundary(Unknown source:0)
    at Unknown.anonymous(Unknown source:0)
Comment 1 Heiko W. Rupp 2011-09-30 10:25:02 EDT
Can you please re-try, as for me, when the user has not MANAGE_SETTINGS, the settings item on the admin page is greyed out and can not be selected, so no exception is thrown.
Comment 2 Sunil Kondkar 2011-10-03 07:35:51 EDT
Tried to reproduce on build#456 (Version: 4.1.0-SNAPSHOT Build Number: 702edd7)

Created a role without 'Manage Settings' permission and assigned this role to a user. When logged in as the user without 'Manage Settings' permissions and navigated to Administration--->System Settings, observed that the 'System Settings' item is greyed out and can not be selected.
Comment 3 Mike Foley 2011-10-03 13:21:57 EDT
I am seeing the same behavior as Heiko and Sunil.
Comment 4 Mike Foley 2012-02-07 14:26:28 EST
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE
