Project

General

Profile

Bug #1632

On login with minimal permissions, user is always taken to host page

Added by Adam Kosmin over 7 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authorization
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Installed version: debian squeeze package 0.4.2-1

Steps to reproduce:

1. Create a role named 'guest'
2. Uncheck all permissions (uncheck/check all buttons do not work though) but leave only report ACLs enabled
- view_reports
- delete_reports
3. Create a user named 'guest' and assign to 'guest' role
4. Login as guest

This user still has access to 'hosts' and 'more' (although no submenus are available in the 'more' section).

There seems to be a strange relationship between the Anonymous role and other roles though. Disabling the 'hosts' related ACLs in the Anonymous role results in a permissions related error. It appears that the login redirection takes the logged in user straight to the 'hosts' area of the site.

What I'd really love is to be able to get the Anonymous role working so that only reports are available. This way, logins wouldn't be required at all just to view this subset of functionality.

Thanks


Related issues

Related to Foreman - Bug #6361: menu item "Hosts --> All hosts" is visible to normal user from anonymous role by defaultClosed2014-06-24
Related to Foreman - Bug #1214: User might not be able to access root path if he has no permissions to view the dashboardResolved2011-10-09
Has duplicate Foreman - Bug #6926: New user with just anonymous role will get 403 Forbidden upon logon to / (redirected to /hosts)Duplicate2014-08-05

History

#1 Updated by Dominic Cleal over 5 years ago

  • Description updated (diff)

I think generally the login page will try and return the user to the original URL they requested, so if they hit / then it should take them to the dashboard (giving all users permission to view_dashboard seems a good idea). If there's no original URL then it defaults to the host list, which they might not have permission to access.

This needs to be more flexible based on the user's assigned permissions.

#2 Updated by Dominic Cleal about 5 years ago

  • Subject changed from Unable to strip foreman down to nothing but a report viewer to On login with minimal permissions, user is always taken to host page

I think the menu issues have been resolved in recent versions, but the issue with minimum permissions on login being given a denied message (particularly when missing the dashboard permission) is still a problem.

#3 Updated by Dominic Cleal about 5 years ago

  • Has duplicate Bug #6926: New user with just anonymous role will get 403 Forbidden upon logon to / (redirected to /hosts) added

#4 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #6361: menu item "Hosts --> All hosts" is visible to normal user from anonymous role by default added

#5 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #1214: User might not be able to access root path if he has no permissions to view the dashboard added

Also available in: Atom PDF