Bug 839008 - Indirect roles not checked for in WebUI
Summary: Indirect roles not checked for in WebUI
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.4
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-10 15:51 UTC by Dmitri Pal
Modified: 2013-02-21 09:16 UTC (History)
4 users (show)

Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Identity Management Web UI Administrator interface was not enabled for users who were indirect members of administrative roles, e.g. for a user which is a member of a group which is a member of administrative role. Consequence: Such users were not able to perform Identity Management administrative tasks via Web UI. Fix: Allow Web UI Administrator interface for indirect members of administrative roles. Result: Indirect members of administrative roles are now able to perform administrative tasks within Identity Management Web UI.
Clone Of:
Environment:
Last Closed: 2013-02-21 09:16:40 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0528 normal SHIPPED_LIVE Low: ipa security, bug fix and enhancement update 2013-02-21 08:22:21 UTC

Description Dmitri Pal 2012-07-10 15:51:47 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2899

When using the WebUI the admin navigation isn't enabled for users who are indirect members of roles.

Comment 1 Petr Vobornik 2012-07-11 07:23:41 UTC
Fixed upstream: e494650b2cdb6ac7e1eda3da7cf03d4c36f2739a

Comment 2 Jenny Severance 2012-09-25 16:10:22 UTC
regression test is automated

Comment 5 Xiyang Dong 2013-01-21 13:41:30 UTC
verified in ipa-server-3.0.0-22.el6.x86_64

https://wiki.idm.lab.bos.redhat.com/qa/archive/ipa/webui/automation/firefox/test-output-ipa-server-3.0.0-QA/0114_64bit/full%20suite/IPARBACTestSuite/index.html

testIndirectRoles_Bug839008
Bug 839008 - Indirect Roles
Parameters: bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc
Hide output Show all outputs
Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Add Permission - read dns entries

Asserted: Actual value of 'bug839008_privilege desc' matches expected value.

Asserted: Verified Read DNS Entries is listed for bug839008_privilege

Add Role - bug839008_role

Asserted: Verified privilege bug839008_privilege is listed for bug839008_role

Add User bug839008_user

Asserted: User added successfully

Add User Group bug839008_group

Asserted: User Group added successfully

Asserted: user bug839008_user is a member of user group bug839008_group

Asserted: User group bug839008_group is a memberof roles: bug839008_role

Asserted: Indirect membership of role to the user verified

Asserted: reset password for first time login

Password for bug839008_user@TESTRELM.COM">bug839008_user@TESTRELM.COM:

Asserted: Logged in successfully as bug839008_user

Asserted: DNS zones listed - verified

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Comment 7 errata-xmlrpc 2013-02-21 09:16:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html


Note You need to log in before you can comment on or make changes to this bug.