Bug 773603 - User with Read only permissions shouldn't be allowed change default org or raised message should be correct.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Partha Aji
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
Reported: 2012-01-12 11:56 UTC by Sachin Ghai
Modified: 2019-09-26 13:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 783320 (view as bug list)
Environment:
Last Closed: 2012-08-22 18:18:49 UTC
Target Upstream Version:
Embargoed:


Attachments
User with Read only permissions shouldn't be allowed change default org or raised message should be correct. (57.07 KB, image/png)
2012-01-12 11:59 UTC, Sachin Ghai
production.logs after clicking on save button. (7.58 KB, application/octet-stream)
2012-01-24 11:34 UTC, Sachin Ghai
unable to change user's default org as no save button is there (34.83 KB, image/png)
2012-01-25 11:14 UTC, Sachin Ghai


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 784016 1 None None None 2021-01-20 06:05:38 UTC

Internal Links: 784016

Description Sachin Ghai 2012-01-12 11:56:56 UTC
Description of problem:
I added a read-only user "reader" and assigned the "Read Everything" role.
When I logged in as reader, went to Administration ==> users ==> select any user ==> environments on the right tab, and changed the default organization, I got:

The default you supplied was the same as the old default.

Since I'm logged in as a read-only user, this user shouldn't be allowed to change or even select the new default org from the list box.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Login with admin
2. create new user 'reader'
3. assign "read everything" role to reader
4. Login with reader and go to Administration tab
5. select user ==> environments on right tab and change the default organization
  
Actual results:
The default you supplied was the same as the old default

Expected results:

The list box shouldn't be available to a read-only user for any selection, and the save button should be disabled.

Additional info:

Started PUT "/katello//users/5/update_environment" for 10.65.193.48 at Thu Jan 12 17:22:57 +0530 2012
  Processing by UsersController#update_environment as 
  Parameters: {"id"=>"5"}
Rendered text template (0.0ms)
Completed 400 Bad Request in 46ms (Views: 0.7ms | ActiveRecord: 23.1ms)

Comment 1 Sachin Ghai 2012-01-12 11:59:02 UTC
Created attachment 552390 [details]
User with Read only permissions shouldn't be allowed change default org or raised message should be correct.

Comment 2 Sachin Ghai 2012-01-12 12:03:15 UTC
Also observed that if you simply click on "save" without even selecting a new default org, the following message is raised in the UI:

The default you supplied was the same as the old default.

Save button shouldn't be active when I'm not selecting any option from the list box.

Comment 3 Mike McCune 2012-01-17 23:29:04 UTC
shouldn't even show the Save if you don't have rights to make the change.

Comment 5 Partha Aji 2012-01-20 01:25:07 UTC
look at bz 783328 for the behaviour to verify.

Comment 6 Sachin Ghai 2012-01-24 11:33:15 UTC
Verified with katello-0.1.194-1.el6.noarch


Found two issues:

1. Now I cannot change the default org, as none of the options are listed in the drop-down list box.
However, instead of the "No default organization" option, the user's default org (ACME_Corporation), which we gave at the time of user creation, should be listed there.


2. On clicking the save button, nothing happens in the UI: no notification/message. However, I am getting this in production.log:

Started PUT "/katello/users/2/update_environment" for 10.65.193.48 at Tue Jan 24 11:06:32 +0530 2012
  Processing by UsersController#update_environment as 
  Parameters: {"id"=>"2"}
User reader is not allowed to access users/update_environment
User reader is not allowed to access users/update_environment
#<Errors::SecurityViolation: User reader is not allowed to access users/update_environment>
/usr/share/katello/lib/authorization_rules.rb:31:in `authorize'
/usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:453:in `_run__434435962__process_action__1602723082__callbacks'
/usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:221:in `_conditional_callback_around_2670'
/usr/share/katello/lib/util/threadsession.rb:79:in `thread_locals'

<truncate>

For complete logs please see the production.log attached in next comment.
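
For triaging logs like the two excerpts quoted in this bug, the following added example (not part of the original thread and not Katello's code) groups production.log lines per request and separates requests stopped by the server-side authorization rule from write requests that failed with a 4xx status without any denial being logged. The sample lines are copied from the Description and Comment 6; the helper name and outcome labels are hypothetical, and it assumes the lines of one request are not interleaved with another's.

```ruby
# Added example: classify requests in a Rails production.log excerpt.
# SAMPLE_LOG lines are copied from the Description and Comment 6 of this bug.
SAMPLE_LOG = <<~'LOG'
  Started PUT "/katello//users/5/update_environment" for 10.65.193.48 at Thu Jan 12 17:22:57 +0530 2012
    Processing by UsersController#update_environment as
    Parameters: {"id"=>"5"}
  Rendered text template (0.0ms)
  Completed 400 Bad Request in 46ms (Views: 0.7ms | ActiveRecord: 23.1ms)
  Started PUT "/katello/users/2/update_environment" for 10.65.193.48 at Tue Jan 24 11:06:32 +0530 2012
    Processing by UsersController#update_environment as
    Parameters: {"id"=>"2"}
  User reader is not allowed to access users/update_environment
  #<Errors::SecurityViolation: User reader is not allowed to access users/update_environment>
LOG

STARTED = /^Started (?<verb>[A-Z]+) "(?<path>[^"]+)" for (?<ip>\S+)/
DENIED  = /#<Errors::SecurityViolation: User (?<user>\S+) is not allowed to access (?<rule>\S+)>/
DONE    = /^Completed (?<status>\d{3}) /

# Hypothetical helper. Assumes one request's lines are contiguous (no
# interleaving from other worker processes).
def classify_requests(log)
  requests = []
  log.each_line do |raw|
    line = raw.strip
    if (m = STARTED.match(line))
      # squeeze collapses the doubled slash seen in "/katello//users/..."
      requests << { verb: m[:verb], path: m[:path].squeeze("/"), ip: m[:ip],
                    status: nil, denied_user: nil, rule: nil }
    elsif requests.empty?
      next # lines before the first "Started" belong to no request
    elsif (m = DENIED.match(line))
      requests.last.update(denied_user: m[:user], rule: m[:rule])
    elsif (m = DONE.match(line))
      requests.last[:status] = m[:status].to_i
    end
  end
  requests.each do |r|
    r[:outcome] =
      if r[:denied_user]
        :blocked_by_authorization   # the server-side rule refused the call
      elsif r[:verb] != "GET" && r[:status].to_i >= 400
        :failed_without_denial      # write attempt failed, but no denial was logged
      else
        :other
      end
  end
end

if __FILE__ == $PROGRAM_NAME
  classify_requests(SAMPLE_LOG).each { |r| puts r.values_at(:verb, :path, :status, :outcome).inspect }
end
```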

Comment 7 Sachin Ghai 2012-01-24 11:34:14 UTC
Created attachment 557193 [details]
production.logs after clicking on save button.

Comment 8 Partha Aji 2012-01-24 18:07:55 UTC
This second bug you are seeing is a side effect of
https://bugzilla.redhat.com/show_bug.cgi?id=784319 

To verify this fix works, change the environment via a user edit (as admin) -> environments and then verify as a read-only user to make sure the env shows up.

Comment 9 Partha Aji 2012-01-24 18:11:02 UTC
Also, I wonder why you are seeing the save button, for I am not able to reproduce it. I did the following:
1) Create new user (no default orgs)
2) Assigned read everything role
3) Logged in as that user and went to another user's environments.

I did not see the save button.

Save button should show up only if you are editing the Read Only user himself.

Comment 10 Sachin Ghai 2012-01-25 11:12:56 UTC
Yes, correct. The save button is available only while editing the user with which we are logged in.

Otherwise no 'save' button is available for other users. Moving this to verified and will track the other issue with 784319.

Comment 11 Sachin Ghai 2012-01-25 11:14:44 UTC
Created attachment 557426 [details]
unable to change user's default org as no save button is there

