Bug 743576 - Non admin user should not be able to change the field login enabled to 'No'
Status: ON_DEV
Product: RHQ Project
Classification: Other
Component: Core UI
Priority: low
Severity: low
Assigned To: RHQ Project Maintainer
Mike Foley
Reported: 2011-10-05 08:19 EDT by Venkat
Modified: 2011-12-20 08:46 EST
Doc Type: Bug Fix

Attachments:
Serverlog (10.94 KB, text/plain), 2011-10-05 08:19 EDT, Venkat

Description Venkat 2011-10-05 08:19:49 EDT
Created attachment 526481

Description of problem:
Non admin user should not be able to change the field login enabled to 'No'

Version-Release number of selected component (if applicable):
Version: 4.1.0-SNAPSHOT
Build Number: 092d688

GWT Version: 2.0.4
SmartGWT Version: 2.4

How reproducible:
Every time

Steps to Reproduce:
1. Create an LDAP group (e.g. sunilgroupad)
2. Create an LDAP user (suniltestad)
3. Add the LDAP user to the LDAP group
4. Log in to RHQ as rhqadmin
5. Create a role with all global and resource permissions (Manage Security)
6. Log out and log in to RHQ as the LDAP user (suniltestad)
7. Navigate to Administration tab --> Users --> user link
8. Select the "No" radio button for the Login enabled field
9. Log in with the same LDAP user.
10. It won't allow the user to log in, as we changed it to No.
11. But some authentication error messages are seen in the server log

Please find the log attached.

Actual results:
[org.rhq.enterprise.gui.authentication.AuthenticateUserAction] Could not log into the web application

Expected results:
There should be no exception.

Additional info:
At present the LDAP user cannot delete himself or change his password. In the same way, the LDAP user should not be able to change login enabled to 'No'.

Comment 1 Mike Foley 2011-10-05 10:19:23 EDT
The role has Manage Security ... which gives you full access to set all permissions, including enabling and disabling login. The user can correctly log in, and receives an error message saying he cannot log in. The exception when someone not authenticated cannot log in ... seems OK. Consider changing to a debug message...
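
The rule requested in the description (an account holding Manage Security still cannot disable its own login, in line with the self-delete and LDAP password restrictions it mentions), written as a server-side check layered on the permission-only check from comment 1. This is an added example, not RHQ code: `SelfServiceGuard`, `Subject`, `Action` and `check` are hypothetical names, the accounts are constructed samples, and records require Java 16 or later.

```java
import java.util.EnumSet;
import java.util.Set;

// Added illustration only: none of these types are RHQ classes or APIs.
public class SelfServiceGuard {
    enum Permission { MANAGE_SECURITY }
    enum Action { DISABLE_LOGIN, DELETE_USER, CHANGE_PASSWORD }

    record Subject(int id, String name, boolean ldapBacked, Set<Permission> perms) {}

    /** Returns null when the change is allowed, otherwise the reason it is refused. */
    static String check(Subject caller, Subject target, Action action) {
        // Permission-only model (as in comment 1): Manage Security covers every user edit.
        if (!caller.perms().contains(Permission.MANAGE_SECURITY)) {
            return "refused: Manage Security required";
        }
        if (caller.id() != target.id()) {
            return null; // editing another account: the permission alone decides
        }
        // Target-aware rules for edits to the caller's own account.
        return switch (action) {
            case DELETE_USER -> "refused: cannot delete own account";
            // Assumption: a non-LDAP user may change their own password.
            case CHANGE_PASSWORD -> caller.ldapBacked()
                    ? "refused: LDAP user cannot change own password" : null;
            // The rule requested in this bug; without it the caller locks itself out.
            case DISABLE_LOGIN -> "refused: cannot disable own login";
        };
    }

    public static void main(String[] args) {
        // Constructed sample accounts; the user name is the one from the report.
        Set<Permission> sec = EnumSet.of(Permission.MANAGE_SECURITY);
        Subject ldapUser = new Subject(2, "suniltestad", true, sec);
        Subject other = new Subject(3, "someuser", false, EnumSet.noneOf(Permission.class));

        System.out.println(check(ldapUser, ldapUser, Action.DISABLE_LOGIN)); // own account
        System.out.println(check(ldapUser, other, Action.DISABLE_LOGIN));    // another account
        System.out.println(check(other, ldapUser, Action.DISABLE_LOGIN));    // no permission
    }
}
```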