803715 – Changing Global Role Grants results in a "success" and "warning" message simultaneously

Bug 803715 - Changing Global Role Grants results in a "success" and "warning" message simultaneously

Summary: Changing Global Role Grants results in a "success" and "warning" message simu...

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	CloudForms Cloud Engine
Classification:	Retired
Component:	aeolus-conductor
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Assignee:	Angus Thomas
QA Contact:	Rehana
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-03-15 13:54 UTC by Ronelle Landy
Modified:	2020-03-27 18:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)
User Roles Warning (171.86 KB, image/png) 2012-03-15 13:57 UTC, Ronelle Landy	no flags	Details
View All

Description Ronelle Landy 2012-03-15 13:54:54 UTC

Description of problem:

Global Role Grants page presents the user with a number of drop-down boxes. This allows users to change multiple roles concurrently - some of which may not be compatible. Fro example:

Steps to Reproduce:
1. Logged in as admin
2. Clicked on Users -> Global Role Grants
3. Saw 5 drop-down boxes available
4. Changed the roles in three of the boxes (one box was changed from from Global Administrator to Global Application Blueprint Administrator)
5. Did *not* click on the "Grant Access" yet
6. Conductor returned the following two messages together:

Notices

Successfully modified the following User Roles: admin (from Global Administrator to Global Application Blueprint Administrator)

Errors
You have insufficient privileges to perform the selected action.

Since I changed two other roles I am not sure which one was the offending change. And, I had not even confirmed my choice before the Administrator panel went blank and conductor returned those two messages (see attached screenshot)

This may involve some user error/ user ignorance again but it was easy for me to get myself into a mess here and not have an easy way to underdo the roles I'd lost in changing the other drop-down box choices.

rpms tested:

[root@ibm-x3200m3-01 ~]# rpm -qa |grep aeolus
rubygem-aeolus-cli-0.3.0-14.el6.noarch
aeolus-conductor-0.8.0-43.el6.noarch
rubygem-aeolus-image-0.3.0-12.el6.noarch
aeolus-conductor-daemons-0.8.0-43.el6.noarch
aeolus-all-0.8.0-43.el6.noarch
aeolus-conductor-doc-0.8.0-43.el6.noarch
aeolus-configure-2.5.0-18.el6.noarch

Comment 1 Ronelle Landy 2012-03-15 13:57:40 UTC

Created attachment 570297 [details]
User Roles Warning

Comment 2 Scott Seago 2012-03-15 23:23:41 UTC

You changed your (admin's) current role to something lesser. After the change, you no longer have permission to view the roles page. So both messages are accurate -- you succeeded in re-setting permissions, but now you can't see the results of your actions. So the two error messages are correct (but confusing). Also note that, in addition to the error message, the page itself is blank.

We should probably (post-1.0 perhaps?) add some sort of warning when a user attempts to change a role to him/herself (at the same time we implement client-side js-based table/grid action enabling). This would make it more obvious what's going on.

Not in the scope of this bug, but I'd advocate changing the "no permissions error" page to actually print the permission denied in the content area of the page itself rather than as a standard error message at the top of a (now blank) page.

Comment 6 Mike Orazi 2013-01-22 21:52:02 UTC

Do we intend to take action on this?  If not, let's CLOSED_WONT_FIX

Note You need to log in before you can comment on or make changes to this bug.