Red Hat Bugzilla – Bug 751091
Resource tree fails to render for non inventory manager
Last modified: 2012-02-07 14:19:59 EST
Non-inventory managers will get a permission error trying to render
the resource tree when navigating to any resource detail view.
This problem is due to the fix that went in for bug 734592. It used a
ResourceCriteria.fetchParentResource(true), which for security
reasons requires Manage Inventory global perm.
The fix will have to avoid that call.
master commit: a65ee3a2aff51ebba00fc897839d4719467830c0
release_jon3.x commit: 09e73f804a69af9899213f75944cc8443cfa905a
Remove use of ResourceCriteria.fetchParentResource(true) to support
AutoGroup naming. Instead, make use of the fact that the needed
resource information is available in an ancestral ResourceTreeNode.
This approach avoids the need for inventory manager perm (required
for fetchParentResource) and also the potential inabaility to
query for the resource on-demand, as it could be unavailable (locked)
to the user (but the locked resource tree node has what we need).
* Testing should be done with Inventory manager and Non-Inventory Manager
* bug 734592 should be re-qualified as this reimplements the fix
previously made for that bug. A suggested test sequence:
0) IF ALREADY IMPORTED, UN-IMPORT the RHQ Server resource
1) Import RHQ Server resource
2) As rhqadmin, ensure tree rendering and autogroup naming is correct
3) Create a new recursive group test-734592-group
3.1) Add all of the children of the RHQ Server resource (this is made
easier by adding the RHQ Server, letting it recursively add the children
and then going back and removing the RHQ Server resource)
4) Create a role test-734592-role
4.1) just the default read perms
4.2) assign the new test group
5) Create a new user test-734592-user
5.1) Assign the new test role
6) Login as the new test user
7) Navigate to a Datasource resource
8) The tree should render and the RHQ Server should show as locked
9) Click on the Datasources AutoGroup node.
10) Verify that the AG name is correct (no nulls, shows name of RHQ
Perform any other relevant testing that you can think of.
*** Bug 750897 has been marked as a duplicate of this bug. ***
*** Bug 773235 has been marked as a duplicate of this bug. ***
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE