Project

General

Profile

Actions

Feature #4477

closed

Improve permissions on resources in host creation/editing form

Added by Marek Hulán about 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

We can limit resources that are displayed to the user in host form using new granular permission. Or we could allow resources based on used hostgroup.


Related issues 9 (5 open4 closed)

Related to Foreman - Feature #812: cant assign roles to groups, just to usersClosedMarek Hulán03/31/2011Actions
Related to Foreman - Feature #1652: Fix privacy for puppetclasses.ResolvedActions
Related to Foreman - Bug #6226: if only one option for required field on new host page (ex. installation media), then automatically select itNew06/15/2014Actions
Related to Foreman - Bug #6760: Models should ensure the authorization of associated objects before associating them to the modelNew07/23/2014Actions
Related to Foreman - Bug #1875: user restricted to compute resource(s) can create baremetal hostsNew09/27/2012Actions
Related to Foreman - Feature #7289: ACL who can add a host to hostgroup.New08/28/2014Actions
Related to Foreman - Bug #18042: Host Compute Resource field does not honor view permissionsNew01/12/2017Actions
Has duplicate Foreman - Bug #6470: Hostgroup selection box does not honor create_hosts filterDuplicate07/02/2014Actions
Has duplicate Foreman - Bug #14248: Unable to control where users can build hostsDuplicateTomer Brisker03/17/2016Actions
Actions #1

Updated by Marek Hulán about 10 years ago

  • Related to Feature #812: cant assign roles to groups, just to users added
Actions #2

Updated by Dominic Cleal almost 10 years ago

The same applies to other resources like domains, subnets and realms which have associated smart proxies. In theory we can use .authorized and only show the proxies on the form which the user has access to, but in practice this means a user who has edit permissions on a domain but no rights to view the associated smart proxies might inadvertently unset or change the associated proxy.

Our forms need to be smarter about associations to other resources that the user doesn't have access to.

Actions #3

Updated by Dominic Cleal almost 10 years ago

Actions #4

Updated by Dominic Cleal over 9 years ago

  • Has duplicate Bug #6470: Hostgroup selection box does not honor create_hosts filter added
Actions #5

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #6226: if only one option for required field on new host page (ex. installation media), then automatically select it added
Actions #6

Updated by Bryan Kearney over 9 years ago

  • Bugzilla link set to 1118312
Actions #7

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #6760: Models should ensure the authorization of associated objects before associating them to the model added
Actions #8

Updated by Anonymous over 9 years ago

  • Related to Bug #1875: user restricted to compute resource(s) can create baremetal hosts added
Actions #9

Updated by Anonymous over 9 years ago

  • Status changed from New to Assigned
  • Target version set to 1.7.5
  • Assignee set to Anonymous
Actions #10

Updated by Anonymous over 9 years ago

  • Target version changed from 1.7.5 to 1.7.4
Actions #11

Updated by Dominic Cleal over 9 years ago

  • Related to Feature #7289: ACL who can add a host to hostgroup. added
Actions #12

Updated by Anonymous over 9 years ago

  • Target version deleted (1.7.4)
Actions #13

Updated by Anonymous over 9 years ago

  • Status changed from Assigned to New
Actions #14

Updated by Roy Williams almost 9 years ago

Once a host group is created it is not possible to change puppet classes from within the host group once hosts are associated to it. However it is possible to associate puppet classes from the Configure -> Puppet -> Puppet Classes tab and check box them so they will work. The other issue is it's not possible to populate parameter overrides since I receive the error "Validation failed: Taxonomy has already been taken"

Actions #15

Updated by Marek Hulán almost 9 years ago

This does not seem related to this authorization issue. Please open a separate issue unless there's an existing one for the issue you have.

Edit (domcleal): #13620

Actions #16

Updated by The Foreman Bot almost 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3369 added
Actions #17

Updated by Tomer Brisker almost 8 years ago

  • Has duplicate Bug #14248: Unable to control where users can build hosts added
Actions #18

Updated by Tomer Brisker almost 8 years ago

  • Bugzilla link changed from 1118312 to 1293716
  • Assignee changed from Anonymous to Tomer Brisker
Actions #19

Updated by Anonymous over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #20

Updated by Dominic Cleal over 7 years ago

  • translation missing: en.field_release set to 160
Actions #21

Updated by Tomer Brisker about 7 years ago

  • Related to Bug #18042: Host Compute Resource field does not honor view permissions added
Actions

Also available in: Atom PDF