Bug 743522 - A non-admin user(LDAP user) without alert privileges when clicks on the group alert definition tab displays IllegalArgumentException
A non-admin user(LDAP user) without alert privileges when clicks on the group...
Status: NEW
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.1
Unspecified Unspecified
medium Severity medium (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
Mike Foley
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-10-05 05:55 EDT by Sunil Kondkar
Modified: 2011-10-05 10:23 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
ServerLog (16.62 KB, text/plain)
2011-10-05 05:55 EDT, Sunil Kondkar
no flags Details

  None (edit)
Description Sunil Kondkar 2011-10-05 05:55:06 EDT
Description of problem:

Tried to access group alert definition by a non-admin user(LDAP user) without alert privileges. Navigating to the group alert definition tab displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Please find attached the server log

Version-Release number of selected component (if applicable):
Build#466 (Version: 4.1.0-SNAPSHOT Build Number: 092d688)

LDAP Details:

Active Directory Server (Windows Server 2003 R2)
URL: ldap://10.65.201.130:636
Search Base:  dc=pnq,dc=redhat,dc=com
Username:  cn=Administrator,cn=users,dc=pnq,dc=redhat,dc=com
Password:  redhat
Search Filter:  objectclass=*
Login Property:   cn
Group Search Filter:   objectclass=group
Group Member Filter:   member

LDAP Username/password:  suniltestad/Redhat123 ( Is a member of LDAP group: sunilgroupad )

How reproducible:
Always

Steps to Reproduce:

1. Create a LDAP group (Ex: sunilgroupad )
2. Create a LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group

4. Login to rhq as rhqadmin
5. Create a compatible group of resource like RHQ Agent
6. Define an alert for the compatible group (Ex: Operation execution - Execute 7. the operation so that alert get fired)
8. Create a role (Assign the compatible group created and map to an LDAP group( sunilgroupad ) while creating the role)
9. Login to RHQ as LDAP user(suniltestad)
10. Navigate to Inventory->Compatible groups
11. Click on the compatible group name
12. Click on Alerts tab
13. Click on 'Definitions' sub tab
  
Actual results:

It displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Expected results:
No exception should be displayed

Additional info:
Comment 1 Sunil Kondkar 2011-10-05 05:55:41 EDT
Created attachment 526453 [details]
ServerLog
Comment 2 Sunil Kondkar 2011-10-05 08:28:42 EDT
This is also reproducible with a non-admin user with alert permissions (Non admin user can be LDAP user or RHQ user with alert permissions.)

Steps:
1. Login to rhq as rhqadmin.
2. Create a compatible group of resource like RHQ Agent.
3. Define an alert for the compatible group (Ex: Operation execution - Execute
   the operation so that alert get fired)
4. Create a RHQ user.
5. Create a role selecting only 'Manage Alerts' read and write permissions for 'Resource Permissions'. Add the compatible group and user created to the role.
6. Login to RHQ as the user.
7. Navigate to Inventory->Compatible groups.
8. Click on the compatible group name.
9. Click on Alerts tab.
10. Click on 'Definitions' sub tab.
Comment 3 Mike Foley 2011-10-05 10:23:12 EDT
goal should be you are not presented with options that you are not able to do.  still ... user cannot perform the activity.

Note You need to log in before you can comment on or make changes to this bug.