Bug #5235

Filter creation allows me to enter and save with a field that isn't available for searching and blows up the resulting entity page

Added by Eric Helms over 3 years ago. Updated over 3 years ago.

Status:Closed
Priority:High
Assigned To:Dmitri Dolguikh
Category:Authorization
Target version:Sprint 26
Difficulty: Bugzilla link:1117832
Found in release: Pull request:
Story points-
Velocity based estimate-
Release1.5.2Release relationshipAuto

Description

1. Create a New Role
2. Click to add new Filter
3. Select 'Domain'
4. Add all permissions for Domain
5. Enter 'anything = 4' into the Search box
6. click 'Submit' (Note: no validation to stop you from saving this invalid filter)
7. Grant Role to user without any other permissions
8. Log in as new user
9. Navigate to Domains page
10. Attempt to create a Domain

Error output "Invalid search query: Field 'anything' not recognized for searching!"


Related issues

Related to Foreman - Bug #6830: upgrade 1.4.5 to 1.5.2 results in "Invalid search query" ... Closed 07/30/2014
Blocks Foreman - Tracker #4552: New permissions/authorization system issues New 03/05/2014

Associated revisions

Revision 0545fd10
Added by Dmitri Dolguikh over 3 years ago

fixes #5235: it's impossible to create filters with invaid searches

Revision 4dbf7958
Added by Dmitri Dolguikh over 3 years ago

fixes #5235: it's impossible to create filters with invaid searches

(cherry picked from commit 0545fd10e610f350e1b43783d3073ab2296bdf33)

History

#1 Updated by Dominic Cleal over 3 years ago

  • Category set to Authorization

#2 Updated by Dominic Cleal over 3 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added

#3 Updated by Dmitri Dolguikh over 3 years ago

  • Status changed from New to Assigned
  • Assigned To set to Dmitri Dolguikh

#4 Updated by Dmitri Dolguikh over 3 years ago

  • Status changed from Assigned to Ready For Testing

#5 Updated by Dominic Cleal over 3 years ago

  • Target version set to Sprint 25

#6 Updated by Dmitri Dolguikh over 3 years ago

  • Target version changed from Sprint 25 to Sprint 26

#7 Updated by Dominic Cleal over 3 years ago

  • Release set to 1.5.2

#8 Updated by Anonymous over 3 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Bryan Kearney over 3 years ago

  • Bugzilla link set to 1117832

#10 Updated by Dominic Cleal over 3 years ago

  • Related to Bug #6830: upgrade 1.4.5 to 1.5.2 results in "Invalid search query" error added

Also available in: Atom PDF