Project

General

Profile

Actions

Bug #16884

closed

Create permissions do not check filter limits

Added by Marek Hulán over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Fixed in Releases:
Found in Releases:

Description

Description of problem:
The user is able to create resource in taxonomies which were not added/associated to resource filter of role.
Also the search condition is ignored on creation.

Version-Release number of selected component (if applicable):
Foreman 1.5+ (including 1.14-dev) / Satellite 6.3 snap 3.0

How reproducible:
Always

Steps to Reproduce:
1. Create role with Organization A and Location A taxonomies.
2. Create a filter for resource type for which taxonomies can be applied and without overriding it.
e.g Domain Filter
3. Create a new user with different taxonomies than above role. Suppose Organization B and Location B.
4. Assign the role to user.
5. Login with new user.
6. Attempt to create a domain(or any resource type filter added in role) in user taxonomies(which are not the same as filter taxonomies).

Similarly in step 3, search condition can be specified, e.g. name ~ a

Actual results:
1. Create permission is not honoring the resourse filter limits.
2. The resource is created in the user associated taxonomies which are not permitted by resource filter.

Similarly the resource is created if name ~ a condition was specified in filter and name "b" was used.

Expected results:
1.Create permissions should check filter limits.
2. The resource should not be created by user in taxonomies to which filter doesn't gives permission.
3. Some informative message should be displayed for unable to create resource due to no permissions from resource filter end.


Related issues 12 (1 open11 closed)

Related to Foreman - Tracker #4552: New permissions/authorization system issuesNew

Actions
Related to Katello - Bug #20135: Fix tests after create and edit permissions started to be enforcedClosedMarek Hulán06/28/2017Actions
Related to foreman-tasks - Bug #20136: Ignore create_tasks permission verificationClosedMarek Hulán06/28/2017Actions
Related to foreman-tasks - Bug #20333: Similar to create permission, we need to ignore update permissionClosedMarek Hulán07/18/2017Actions
Related to Foreman - Bug #20385: rake db:seed fails for pluginsClosedMarek Hulán07/23/2017Actions
Related to Foreman - Bug #20384: Initial db:seed failsClosedMarek Hulán07/21/2017Actions
Related to Foreman Remote Execution - Bug #20391: Tests are failing due to permission changesClosedAdam Ruzicka07/24/2017Actions
Related to Foreman Remote Execution - Refactor #20455: Replace execute permission with create_template_invocationResolvedActions
Related to virt-who configure - Bug #21065: Can't create configuration as a user with just "Manager" and "Virt-who Manager" rolesClosedMarek Hulán09/21/2017Actions
Related to Foreman - Bug #22010: Hostgroup creation/edition issueClosedMarek Hulán12/18/2017Actions
Related to Foreman - Bug #22983: Missing permissions seed entry for HostgroupClassClosedMarek Hulán03/22/2018Actions
Related to Foreman - Bug #25207: Invalid single-table inheritance type: Host::Discovered is not a subclass of Host::ManagedClosedLukas ZapletalActions
Actions #1

Updated by Marek Hulán over 7 years ago

  • Subject changed from Create permissions do not check filter limits to Create permissions do not check filter limits
  • Target version set to 115
Actions #2

Updated by Marek Hulán over 7 years ago

  • Related to Tracker #4552: New permissions/authorization system issues added
Actions #3

Updated by Marek Hulán over 7 years ago

  • Target version changed from 115 to 1.4.2
Actions #4

Updated by Marek Hulán over 7 years ago

  • Status changed from New to Assigned
  • Assignee set to Marek Hulán
Actions #5

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.4.2 to 1.4.4
Actions #6

Updated by The Foreman Bot over 7 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4030 added
Actions #7

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.4.4 to 1.10.1
Actions #8

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.10.1 to 1.10.2
Actions #9

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.10.2 to 1.11.2
Actions #10

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.11.2 to 1.11.4
Actions #11

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.11.4 to 1.12.1
Actions #12

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.12.1 to 1.12.3
Actions #13

Updated by Marek Hulán almost 7 years ago

  • Target version changed from 1.12.3 to 1.13.0
Actions #14

Updated by Marek Hulán almost 7 years ago

  • Target version changed from 1.13.0 to 1.13.2
Actions #15

Updated by Marek Hulán almost 7 years ago

  • Target version changed from 1.13.2 to 1.13.4
Actions #16

Updated by Marek Hulán almost 7 years ago

  • Target version changed from 1.13.4 to 115
Actions #17

Updated by Marek Hulán almost 7 years ago

  • Related to Bug #20135: Fix tests after create and edit permissions started to be enforced added
Actions #18

Updated by Marek Hulán almost 7 years ago

  • Related to Bug #20136: Ignore create_tasks permission verification added
Actions #19

Updated by Marek Hulán over 6 years ago

  • Related to Bug #20333: Similar to create permission, we need to ignore update permission added
Actions #20

Updated by Marek Hulán over 6 years ago

  • Target version changed from 115 to 1.17.0-RC2
Actions #21

Updated by Anonymous over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #22

Updated by Marek Hulán over 6 years ago

  • translation missing: en.field_release set to 240
Actions #23

Updated by Marek Hulán over 6 years ago

  • Related to Bug #20385: rake db:seed fails for plugins added
Actions #24

Updated by Marek Hulán over 6 years ago

  • Related to Bug #20384: Initial db:seed fails added
Actions #25

Updated by Adam Ruzicka over 6 years ago

  • Related to Bug #20391: Tests are failing due to permission changes added
Actions #26

Updated by The Foreman Bot over 6 years ago

  • Pull request https://github.com/theforeman/foreman/pull/4705 added
Actions #27

Updated by Marek Hulán over 6 years ago

  • Related to Refactor #20455: Replace execute permission with create_template_invocation added
Actions #28

Updated by Marek Hulán over 6 years ago

  • Related to Bug #21065: Can't create configuration as a user with just "Manager" and "Virt-who Manager" roles added
Actions #29

Updated by Anonymous about 6 years ago

  • Related to Bug #22010: Hostgroup creation/edition issue added
Actions #30

Updated by Marek Hulán almost 6 years ago

  • Related to Bug #22983: Missing permissions seed entry for HostgroupClass added
Actions #31

Updated by Lukas Zapletal over 5 years ago

  • Related to Bug #25207: Invalid single-table inheritance type: Host::Discovered is not a subclass of Host::Managed added
Actions

Also available in: Atom PDF