Bug 839008 - Indirect roles not checked for in WebUI
Indirect roles not checked for in WebUI
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.4
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-10 11:51 EDT by Dmitri Pal
Modified: 2013-02-21 04:16 EST (History)
4 users (show)

See Also:
Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Identity Management Web UI Administrator interface was not enabled for users who were indirect members of administrative roles, e.g. for a user which is a member of a group which is a member of administrative role. Consequence: Such users were not able to perform Identity Management administrative tasks via Web UI. Fix: Allow Web UI Administrator interface for indirect members of administrative roles. Result: Indirect members of administrative roles are now able to perform administrative tasks within Identity Management Web UI.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:16:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-07-10 11:51:47 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2899

When using the WebUI the admin navigation isn't enabled for users who are indirect members of roles.
Comment 1 Petr Vobornik 2012-07-11 03:23:41 EDT
Fixed upstream: e494650b2cdb6ac7e1eda3da7cf03d4c36f2739a
Comment 2 Jenny Galipeau 2012-09-25 12:10:22 EDT
regression test is automated
Comment 5 Xiyang Dong 2013-01-21 08:41:30 EST
verified in ipa-server-3.0.0-22.el6.x86_64

https://wiki.idm.lab.bos.redhat.com/qa/archive/ipa/webui/automation/firefox/test-output-ipa-server-3.0.0-QA/0114_64bit/full%20suite/IPARBACTestSuite/index.html

testIndirectRoles_Bug839008
Bug 839008 - Indirect Roles
Parameters: bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc
Hide output Show all outputs
Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Starting Test: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Add Permission - read dns entries

Asserted: Actual value of 'bug839008_privilege desc' matches expected value.

Asserted: Verified Read DNS Entries is listed for bug839008_privilege

Add Role - bug839008_role

Asserted: Verified privilege bug839008_privilege is listed for bug839008_role

Add User bug839008_user

Asserted: User added successfully

Add User Group bug839008_group

Asserted: User Group added successfully

Asserted: user bug839008_user is a member of user group bug839008_group

Asserted: User group bug839008_group is a memberof roles: bug839008_role

Asserted: Indirect membership of role to the user verified

Asserted: reset password for first time login

Password for bug839008_user@TESTRELM.COM">bug839008_user@TESTRELM.COM:

Asserted: Logged in successfully as bug839008_user

Asserted: DNS zones listed - verified

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])

Test Passed: testIndirectRoles_Bug839008([bug839008_IndirectRoles, Read DNS Entries, bug839008_privilege, bug839008_privilege desc, bug839008_role, bug839008_roleDesc, bug839008_user, bug839008_givenname, bug839008_sn, Secret123, bug839008_group, bug839008_group desc])
Comment 7 errata-xmlrpc 2013-02-21 04:16:40 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.