Bug #17156
closed
unlimited filtering of organizations not working
Description
We were using foreman 1.10 and recently did a upgrade to 1.13, somewhere between these versions the behaviour for unlimited filters on organizations changed.
steps to reproduce:- create a role with a filter on view_organizations and unlimited true
- assign role to user
- create some organizations
- result: user can see all organizations
- result: user can only see explicit assigned organizations
I have seen some tickets regarding permissions and organizations. So the first question might be, is this a expected behaviour or is this a bug?
Updated by Marek Hulán over 7 years ago
- Category changed from Users, Roles and Permissions to Organizations and Locations
Is the user assigned to some organizations?
Updated by Martin Schurz over 7 years ago
Marek Hulán wrote:
Is the user assigned to some organizations?
No, the user isn't assigned to any organization nor has other roles that are assigned to organizations.
Updated by Marek Hulán almost 7 years ago
- Status changed from New to Resolved
Sorry for the late answer. I'll try to describe how 1.15 works (or at least suppose to work). User must be assigned to organizations he can choose in top left menu. This is a must for them to also see resources assigned to a given organization. If there's a resource without any organization assigned, only admins will be able to see it, non-admin users will never see it regardless of any permission. Of course the resource must support assigning organizations (e.g. subnets). The permission view_organizations is required for user so we know, what organizations can be displayed in Administer -> Organizations. Similarly for edit/create/delete permissions. There's one extra permission called assign_organizations which determines, what organization user can assign to resources, e.g. in subnet form under Organizations tab.
I think it's aligned with what you reported, so I'm setting this as resolved. Please reopen/comment if I misunderstood.