745456 – Clicking on Summary->Timeline tab of a resource by a user without config read permission displays a pop up displaying a message 'Failed to load json data'

Bug 745456 - Clicking on Summary->Timeline tab of a resource by a user without config read permission displays a pop up displaying a message 'Failed to load json data'

Summary: Clicking on Summary->Timeline tab of a resource by a user without config read...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core UI
Sub Component:
Version:	4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	JON 3.0.0,RHQ 4.3.0
Assignee:	John Mazzitelli
QA Contact:	Mike Foley
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	jon30-sprint8
TreeView+	depends on / blocked

Reported:	2011-10-12 12:40 UTC by Sunil Kondkar
Modified:	2012-02-07 19:31 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)
Screenshot (116.73 KB, image/png) 2011-10-12 12:41 UTC, Sunil Kondkar	no flags	Details
ServerLog (8.97 KB, text/plain) 2011-10-12 12:41 UTC, Sunil Kondkar	no flags	Details
View All

Description Sunil Kondkar 2011-10-12 12:40:55 UTC

Description of problem:

Clicking on Summary->Timeline tab of a resource by a user without config read permission displays a pop up displaying below message :

"Failed to load json data from /resource/common/monitor/events/EventConfigJSON.jsp?id=10001&begin=1318390713800&end=1318419513800
Internal Server Error".

when user tries to navigate away and clicks on any tab or sub tab of the platform resource, the pop up still displays.

The server log displays PermissionException.

Please refer the attached screenshot and the server log.

Version-Release number of selected component (if applicable):

Build#510 (Version: 4.1.0-SNAPSHOT Build Number: 0a0e373)

Tested on Firefox versions '3.6.3' and '3.0.15'.

How reproducible:

Always

Steps to Reproduce:

1. Login to rhq as rhqadmin.
2. Create a user
3. Create a compatible group of resorce (Ex: RHQ Agent)
4. Create a role without 'Configure' resource permissions. (Or default permissions)
5. Assign user and compatible group to the role created.
6. Login as the user
7. Navigate to 'Inventory menu'->Servers->resource name (RHQ Agent)
8. Click on the 'Summary->Timeline' tab

  
Actual results:

It displays a pop up displaying a message 'Failed to load json data' and the server log displays PermissionException.

Expected results:

No exception and pop up message should be displayed.

Additional info:
This bug is not reproducible when user has configure read permissions.

Comment 1 Sunil Kondkar 2011-10-12 12:41:31 UTC

Created attachment 527690 [details]
Screenshot

Comment 2 Sunil Kondkar 2011-10-12 12:41:58 UTC

Created attachment 527691 [details]
ServerLog

Comment 3 John Mazzitelli 2011-10-26 16:28:21 UTC

in our EventJSON jsps that serve the JSON data, we need to wrap in try-catch block so as not to blow up the Timeline component.

I have this fixed on my local branch, will push once master is unfrozen

Comment 4 John Mazzitelli 2011-11-01 13:47:26 UTC

git commit:
release_jon3.x: 3d74362f9ea99bb0dd8a66ec85c012bbae6002df
master: fb1c12b52f9fc5e5ec98af36fbb669658f8f4380

Comment 5 Sunil Kondkar 2011-11-02 09:41:09 UTC

Verified on build#672 (Version: 4.3.0-SNAPSHOT Build Number: ca0281f)

Followed the steps and verified that it does not display any exception and pop up message navigating to Summary->Timeline tab of a resource by a user without config read permission.

Comment 6 Mike Foley 2012-02-07 19:26:10 UTC

marking VERIFIED JON 3 bugs to CLOSED/CURRENTRELEASE

Comment 7 Mike Foley 2012-02-07 19:31:45 UTC

changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE

Note You need to log in before you can comment on or make changes to this bug.