Project

General

Profile

Actions
Copy link

Bug #7221

closed

Edit organization displays associated resources for use w/o permissions

Added by Thomas McKay over 9 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Thomas McKay
Category:
Users, Roles and Permissions
Target version:
1.7.0
Difficulty:
Triaged:
Bugzilla link:
1132675
Pull request:
https://github.com/theforeman/foreman/pull/1731
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

A user with the below permissions can incorrectly see the following on an organization edit page. Note that because the tabs are displayed the list of resources available in each are also displayed. This implies that the choices are not being reduce to show only those available to a specific user.

What I mean is that if user A has a filter that allowed them to only see "Alterator default" Template, then the list should contain only that template. It is my guess that this is not the case. Maybe worth a separate bug but suspect it is all related.

If no permission for resource at all, do not render tab at all.
For limited permissions, display only those resources that are accessible.

Smart Proxies
Subnets
Compute Resources
Media
Templates
Domains
Realms
Environments
Host Groups
Locations
Parameters

Name,Count,Resource,Search,Permissions,Organizations,Locations
SAM Administrator,1,Katello::ActivationKey,"","view_activation_keys,create_activation_keys,edit_activation_keys,destroy_activation_keys",,"" 
SAM Administrator,1,Katello::System,"","view_content_hosts,create_content_hosts,edit_content_hosts,destroy_content_hosts",,"" 
SAM Administrator,1,Katello::ContentView,"",view_content_views,,"" 
SAM Administrator,1,Katello::HostCollection,"","view_host_collections,create_host_collections,edit_host_collections,destroy_host_collections",,"" 
SAM Administrator,1,Katello::KTEnvironment,"",view_lifecycle_environments,,"" 
SAM Administrator,1,Katello::Product,"","view_products,sync_products",,"" 
SAM Administrator,1,Organization,"","view_organizations,create_organizations,edit_organizations,destroy_organizations,assign_organizations,view_subscriptions,attach_subscriptions,unattach_subscriptions,import_manifest,delete_manifest",,"" 
SAM Administrator,1,Role,"","view_roles,create_roles,edit_roles,destroy_roles",,"" 
SAM Administrator,1,Filter,"","view_filters,create_filters,edit_filters,destroy_filters",,"" 
SAM Administrator,1,User,"","view_users,create_users,edit_users,destroy_users",,"" 
SAM Administrator,1,Usergroup,"","view_usergroups,create_usergroups,edit_usergroups,destroy_usergroups",,""

Related issues 3 (1 open2 closed)

Related to Foreman - Bug #6760: Models should ensure the authorization of associated objects before associating them to the modelNew07/23/2014Actions
Related to Foreman - Bug #7337: organizations UI does not filter resources to associate based upon RBACClosedTomer Brisker09/03/2014Actions
Related to Foreman - Bug #7335: organizations UI "All users" toggle not checking permissions for being displayedClosedTomer Brisker09/03/2014Actions
Actions
Copy link

Also available in: Atom PDF