Bug 796437 - Users with super user role cannot view other users
Users with super user role cannot view other users
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core Server (Show other bugs)
4.3
Unspecified Unspecified
unspecified Severity high (vote)
: ---
: RHQ 4.3.0
Assigned To: RHQ Project Maintainer
Mike Foley
:
Depends On:
Blocks: jon310-sprint11/rhq44-sprint11 786159
  Show dependency treegraph
 
Reported: 2012-02-22 16:35 EST by John Sanda
Modified: 2013-08-31 06:15 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-31 06:15:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Sanda 2012-02-22 16:35:01 EST
Description of problem:
As a user in the super user role, e.g., rhqadmin, I cannot view other users in the users view. I came across this in master.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Log in as rhqadmin (or another user in the super user role).
2. Create a new user, and do not assign the user to the super user role.
3. After the user is created you are sent to the users view, but you will not see the user even if you click the refresh button in the footer.
  
Actual results:

Expected results:


Additional info:
I assigned the new user to a new role, and when I (as rhqadmin) go to view that role and click on the users tab, I do see the user listed. I can log in as the new user as well. The new user can the see the list of users as expected. This problem appears to be specific to users in the super user role.
Comment 1 John Sanda 2012-02-22 21:44:41 EST
It appears that this may be related to bug 786159. CCing Ian Springer so he can take a look at this.
Comment 2 Ian Springer 2012-02-23 17:48:32 EST
Fixed in master:

http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=ffad3bb

We now make sure superusers, or users w/ MANAGE_SECURITY, can view other users, even if they don't have VIEW_USERS.
Comment 3 Ian Springer 2012-02-27 12:44:44 EST
QA Steps
========
1) Verify that rhqadmin can view all other users.
2) Verify that another user added to the Superuser role can view all users.
3) Create a role that has MANAGE_SECURITY, but does *not* have VIEW_USERS. Add a user to that role. Verify that user can view all other users.
4) Create a role that has VIEW_USERS, but does *not* have MANAGE_SECURITY. Add a user to that role. Verify that user can view all other users.
5) Create a role with no permissions. Add a user to that role. Verify that user can *not* view any other users.
6) Create a user with no roles. Verify that user can *not* view any other users.
Comment 4 Jeeva Kandasamy 2012-04-25 08:34:14 EDT
Verified on the Build:
Version: 4.4.0-SNAPSHOT
Build Number: 5ffafd2
GWT Version: 2.4.0
SmartGWT Version: 3.0

OS: RHEL 6.1 X86_64
Browser: Firefox ESR 10.0.3

Followed the steps on Comment 3. Unable to execute the step #3, because "View Users permission cannot be deselected, unless the Manage Security permission, which implies all other permissions, is deselected first."
Comment 5 Heiko W. Rupp 2013-08-31 06:15:45 EDT
Bulk close of old bugs in VERIFIED state.

Note You need to log in before you can comment on or make changes to this bug.