Bug 786159 - Remove default ability to see user details
Summary: Remove default ability to see user details
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RHQ Project
Classification: Other
Component: Core Server, Core UI
Version: 4.2
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: JON 3.1.0
Assignee: Charles Crouch
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On: 796437 798465
Blocks: jon310-sprint11, rhq44-sprint11
TreeView+ depends on / blocked
 
Reported: 2012-01-31 15:55 UTC by Charles Crouch
Modified: 2018-11-26 18:29 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-03 15:06:23 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker PRODMGT-87 0 None Closed Users without admin role should not be able to see other users and user details on the system 2012-04-17 03:53:16 UTC

Description Charles Crouch 2012-01-31 15:55:03 UTC
This BZ is aimed at implementing part of https://issues.jboss.org/browse/PRODMGT-87
The idea is that users without specific priviliges should not be able to see detailed information about other users in the system.
There seem to be two options

1) Require MANAGE_SECURITY (or MANAGE_USERS) permissions for users to see any details beyond usernames.
w/o  MANAGE_SECURITY users going to localhost:7080/coregui/#Administration/Security/Users would just see a list of usernames and only their own link should be clickable. Similarly if there are sections of the app that display usernames they should not be clickable to show any more information about the user unless the clicking user has MANAGE_SECURITY permission. 
A user with MANAGE_SECURITY permissions would see what all users see today wrt user information.

or

2) Add in a new permission, e.g. VIEW_USER_DETAILS, that when enabled would allow users the access they have today, i.e. can view detailed information on all users. A user without this new permission, would get the restricted view described in 1) above.

Comment 4 Charles Crouch 2012-02-15 13:22:28 UTC
Ian, please discuss your intended approach on rhq-devel

Comment 5 Ian Springer 2012-02-20 23:17:27 UTC
This is done in master:

http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=e2bbfdf

I added a new global perm named VIEW_USERS, which is required in order to view other RHQ users. Enforcement of the permission is implemented at the SLSB layer (in SubjectManagerBean). For backward compatibility sake, dbsetup gives existing roles the new permission, and the create new role view in the GUI selects the checkbox for the VIEW_USERS perm by default.

Comment 6 Ian Springer 2012-02-21 16:38:00 UTC
http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=fd854c8 adds functional tests for this feature. I still need to write tests that verify the VIEW_USERS permission gets added to existing roles by dbupgrade.

Comment 7 Ian Springer 2012-02-23 22:50:01 UTC
The dbsetup/dbupgrade test have been added in master:

http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=5371524

Comment 8 Mike Foley 2012-03-21 14:21:07 UTC
Documenting the acceptance criteria for this BZ, as follows:

Acceptance Criteria: 
-Users in roles without the new VIEW_USER_DETAILS permission will not be able to see any JON user information in the system beyond usernames 
-Users in roles with the new VIEW_USER_DETAILS permission will be able to see JON user information across the system just as the do today. 
-In upgraded systems all old roles will have the VIEW_USER_DETAILS permission, so there will be no change in behaviour for existing users

Comment 9 Mike Foley 2012-03-21 14:53:36 UTC
added TCMS testcase as follows:  https://tcms.engineering.redhat.com/case/146315/?from_plan=5753

Comment 10 Mike Foley 2012-03-21 15:00:18 UTC
verified

Comment 12 Heiko W. Rupp 2013-09-03 15:06:23 UTC
Bulk closing of old issues in VERIFIED state.


Note You need to log in before you can comment on or make changes to this bug.