743522 – A non-admin user(LDAP user) without alert privileges when clicks on the group alert definition tab displays IllegalArgumentException

Bug 743522 - A non-admin user(LDAP user) without alert privileges when clicks on the group alert definition tab displays IllegalArgumentException

Summary: A non-admin user(LDAP user) without alert privileges when clicks on the group...

Keywords:
Status:	NEW
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core UI
Sub Component:
Version:	4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-05 09:55 UTC by Sunil Kondkar
Modified:	2022-03-31 04:28 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)
ServerLog (16.62 KB, text/plain) 2011-10-05 09:55 UTC, Sunil Kondkar	no flags	Details
View All

Description Sunil Kondkar 2011-10-05 09:55:06 UTC

Description of problem:

Tried to access group alert definition by a non-admin user(LDAP user) without alert privileges. Navigating to the group alert definition tab displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Please find attached the server log

Version-Release number of selected component (if applicable):
Build#466 (Version: 4.1.0-SNAPSHOT Build Number: 092d688)

LDAP Details:

Active Directory Server (Windows Server 2003 R2)
URL: ldap://10.65.201.130:636
Search Base:  dc=pnq,dc=redhat,dc=com
Username:  cn=Administrator,cn=users,dc=pnq,dc=redhat,dc=com
Password:  redhat
Search Filter:  objectclass=*
Login Property:   cn
Group Search Filter:   objectclass=group
Group Member Filter:   member

LDAP Username/password:  suniltestad/Redhat123 ( Is a member of LDAP group: sunilgroupad )

How reproducible:
Always

Steps to Reproduce:

1. Create a LDAP group (Ex: sunilgroupad )
2. Create a LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group

4. Login to rhq as rhqadmin
5. Create a compatible group of resource like RHQ Agent
6. Define an alert for the compatible group (Ex: Operation execution - Execute 7. the operation so that alert get fired)
8. Create a role (Assign the compatible group created and map to an LDAP group( sunilgroupad ) while creating the role)
9. Login to RHQ as LDAP user(suniltestad)
10. Navigate to Inventory->Compatible groups
11. Click on the compatible group name
12. Click on Alerts tab
13. Click on 'Definitions' sub tab
  
Actual results:

It displays exception in server log and a message 'Failed to fetch alert definition data' in UI.

Expected results:
No exception should be displayed

Additional info:

Comment 1 Sunil Kondkar 2011-10-05 09:55:41 UTC

Created attachment 526453 [details]
ServerLog

Comment 2 Sunil Kondkar 2011-10-05 12:28:42 UTC

This is also reproducible with a non-admin user with alert permissions (Non admin user can be LDAP user or RHQ user with alert permissions.)

Steps:
1. Login to rhq as rhqadmin.
2. Create a compatible group of resource like RHQ Agent.
3. Define an alert for the compatible group (Ex: Operation execution - Execute
   the operation so that alert get fired)
4. Create a RHQ user.
5. Create a role selecting only 'Manage Alerts' read and write permissions for 'Resource Permissions'. Add the compatible group and user created to the role.
6. Login to RHQ as the user.
7. Navigate to Inventory->Compatible groups.
8. Click on the compatible group name.
9. Click on Alerts tab.
10. Click on 'Definitions' sub tab.

Comment 3 Mike Foley 2011-10-05 14:23:12 UTC

goal should be you are not presented with options that you are not able to do.  still ... user cannot perform the activity.

Note You need to log in before you can comment on or make changes to this bug.