Bug #17314
Non-admin user with edit_subnets permissions (etc) cannot edit subnets
Status: Closed
Priority: Normal
Assignee:
Category: Users, Roles and Permissions
Target version:
Description
For a non-admin user with a role granting:
- view_subnets, create_subnets, edit_subnets, destroy_subnets, import_subnets
with unlimited scope, the edit/destroy links on the subnets UI index are greyed out or missing.
The log shows:
2016-11-11T09:22:13 93379cee [app] [I] Started GET "/subnets" for 127.0.0.1 at 2016-11-11 09:22:13 +0000
2016-11-11T09:22:13 93379cee [app] [I] Processing by SubnetsController#index as HTML
2016-11-11T09:22:13 93379cee [sql] [D] ActiveRecord::SessionStore::Session Load (0.1ms) SELECT "sessions".* FROM "sessions" WHERE "sessions"."session_id" = ? ORDER BY "sessions"."id" ASC LIMIT 1 [["session_id", "93379cee4fc807faacc48d1adc6fcef2"]]
2016-11-11T09:22:13 93379cee [sql] [D] User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 66]]
2016-11-11T09:22:13 93379cee [app] [D] Setting current user thread-local variable to 16739test
2016-11-11T09:22:13 93379cee [sql] [D] AuthSource Load (0.1ms) SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = ? LIMIT 1 [["id", 1]]
2016-11-11T09:22:13 93379cee [sql] [D] Usergroup Load (0.2ms) SELECT "usergroups".* FROM "usergroups" INNER JOIN "cached_usergroup_members" ON "usergroups"."id" = "cached_usergroup_members"."usergroup_id" WHERE "cached_usergroup_members"."user_id" = ? ORDER BY usergroups.name [["user_id", 66]]
2016-11-11T09:22:13 93379cee [sql] [D] Role Load (0.3ms) SELECT DISTINCT "roles".* FROM "roles" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? [["user_id", 66]]
2016-11-11T09:22:13 93379cee [sql] [D] (0.2ms) SELECT permissions.name FROM "permissions" INNER JOIN "filterings" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "filters" ON "filterings"."filter_id" = "filters"."id" WHERE "filters"."role_id" = ? ORDER BY filters.role_id, filters.id [["role_id", 8]]
2016-11-11T09:22:13 93379cee [sql] [D] (0.2ms) SELECT permissions.name FROM "permissions" INNER JOIN "filterings" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "filters" ON "filterings"."filter_id" = "filters"."id" WHERE "filters"."role_id" = ? ORDER BY filters.role_id, filters.id [["role_id", 46]]
2016-11-11T09:22:13 93379cee [sql] [D] Subnet Load (0.4ms) SELECT "subnets".* FROM "subnets" ORDER BY vlanid LIMIT 1
2016-11-11T09:22:13 93379cee [permissions] [D] checking permission view_subnets
2016-11-11T09:22:13 93379cee [sql] [D] Filter Load (0.1ms) SELECT "filters".* FROM "filters" INNER JOIN "filterings" ON "filterings"."filter_id" = "filters"."id" INNER JOIN "permissions" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "roles" ON "filters"."role_id" = "roles"."id" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? AND (permissions.resource_type = 'Subnet') AND (permissions.name = 'view_subnets') [["user_id", 66]]
2016-11-11T09:22:13 93379cee [permissions] [D] filter with role_id: 46 limited: false search: taxonomy_search:
2016-11-11T09:22:13 93379cee [sql] [D] SQL (0.3ms) SELECT DISTINCT "subnets"."id" FROM "subnets" LEFT OUTER JOIN "subnet_domains" ON "subnet_domains"."subnet_id" = "subnets"."id" LEFT OUTER JOIN "domains" ON "domains"."id" = "subnet_domains"."domain_id" LEFT OUTER JOIN "smart_proxies" ON "smart_proxies"."id" = "subnets"."dhcp_id" ORDER BY vlanid LIMIT 20 OFFSET 0
2016-11-11T09:22:13 93379cee [sql] [D] SQL (0.7ms) SELECT "subnets"."id" AS t0_r0, "subnets"."network" AS t0_r1, "subnets"."mask" AS t0_r2, "subnets"."priority" AS t0_r3, "subnets"."name" AS t0_r4, "subnets"."vlanid" AS t0_r5, "subnets"."created_at" AS t0_r6, "subnets"."updated_at" AS t0_r7, "subnets"."dhcp_id" AS t0_r8, "subnets"."tftp_id" AS t0_r9, "subnets"."gateway" AS t0_r10, "subnets"."dns_primary" AS t0_r11, "subnets"."dns_secondary" AS t0_r12, "subnets"."from" AS t0_r13, "subnets"."to" AS t0_r14, "subnets"."dns_id" AS t0_r15, "subnets"."ipam" AS t0_r16, "subnets"."boot_mode" AS t0_r17, "subnets"."type" AS t0_r18, "domains"."id" AS t1_r0, "domains"."name" AS t1_r1, "domains"."fullname" AS t1_r2, "domains"."created_at" AS t1_r3, "domains"."updated_at" AS t1_r4, "domains"."dns_id" AS t1_r5, "smart_proxies"."id" AS t2_r0, "smart_proxies"."name" AS t2_r1, "smart_proxies"."url" AS t2_r2, "smart_proxies"."created_at" AS t2_r3, "smart_proxies"."updated_at" AS t2_r4, "smart_proxies"."expired_logs" AS t2_r5 FROM "subnets" LEFT OUTER JOIN "subnet_domains" ON "subnet_domains"."subnet_id" = "subnets"."id" LEFT OUTER JOIN "domains" ON "domains"."id" = "subnet_domains"."domain_id" LEFT OUTER JOIN "smart_proxies" ON "smart_proxies"."id" = "subnets"."dhcp_id" WHERE "subnets"."id" IN (1, 4, 5, 6, 7, 8, 13) ORDER BY vlanid
2016-11-11T09:22:13 93379cee [permissions] [D] checking permission edit_subnets
2016-11-11T09:22:13 93379cee [sql] [D] Filter Load (0.3ms) SELECT "filters".* FROM "filters" INNER JOIN "filterings" ON "filterings"."filter_id" = "filters"."id" INNER JOIN "permissions" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "roles" ON "filters"."role_id" = "roles"."id" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? AND (permissions.resource_type = 'Subnet::Ipv4') AND (permissions.name = 'edit_subnets') [["user_id", 66]]
2016-11-11T09:22:13 93379cee [permissions] [D]
2016-11-11T09:22:13 93379cee [permissions] [D] no filters found for given permission
2016-11-11T09:22:13 93379cee [sql] [D] Subnet::Ipv4 Load (0.5ms) SELECT "subnets".* FROM "subnets" WHERE "subnets"."type" IN ('Subnet::Ipv4') AND (1=0) ORDER BY vlanid
2016-11-11T09:22:13 93379cee [permissions] [D] checking permission destroy_subnets
2016-11-11T09:22:13 93379cee [sql] [D] Filter Load (0.1ms) SELECT "filters".* FROM "filters" INNER JOIN "filterings" ON "filterings"."filter_id" = "filters"."id" INNER JOIN "permissions" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "roles" ON "filters"."role_id" = "roles"."id" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? AND (permissions.resource_type = 'Subnet::Ipv4') AND (permissions.name = 'destroy_subnets') [["user_id", 66]]
2016-11-11T09:22:13 93379cee [permissions] [D]
2016-11-11T09:22:13 93379cee [permissions] [D] no filters found for given permission
2016-11-11T09:22:13 93379cee [sql] [D] CACHE (0.0ms) SELECT "subnets".* FROM "subnets" WHERE "subnets"."type" IN ('Subnet::Ipv4') AND (1=0) ORDER BY vlanid
2016-11-11T09:22:13 93379cee [permissions] [D] checking permission edit_subnets
2016-11-11T09:22:13 93379cee [sql] [D] Filter Load (0.1ms) SELECT "filters".* FROM "filters" INNER JOIN "filterings" ON "filterings"."filter_id" = "filters"."id" INNER JOIN "permissions" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "roles" ON "filters"."role_id" = "roles"."id" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? AND (permissions.resource_type = 'Subnet::Ipv6') AND (permissions.name = 'edit_subnets') [["user_id", 66]]
2016-11-11T09:22:13 93379cee [permissions] [D]
2016-11-11T09:22:13 93379cee [permissions] [D] no filters found for given permission
2016-11-11T09:22:13 93379cee [sql] [D] Subnet::Ipv6 Load (0.3ms) SELECT "subnets".* FROM "subnets" WHERE "subnets"."type" IN ('Subnet::Ipv6') AND (1=0) ORDER BY vlanid
2016-11-11T09:22:13 93379cee [permissions] [D] checking permission destroy_subnets
2016-11-11T09:22:13 93379cee [sql] [D] Filter Load (0.3ms) SELECT "filters".* FROM "filters" INNER JOIN "filterings" ON "filterings"."filter_id" = "filters"."id" INNER JOIN "permissions" ON "permissions"."id" = "filterings"."permission_id" INNER JOIN "roles" ON "filters"."role_id" = "roles"."id" INNER JOIN "cached_user_roles" ON "roles"."id" = "cached_user_roles"."role_id" WHERE "cached_user_roles"."user_id" = ? AND (permissions.resource_type = 'Subnet::Ipv6') AND (permissions.name = 'destroy_subnets') [["user_id", 66]]
2016-11-11T09:22:13 93379cee [permissions] [D]
2016-11-11T09:22:13 93379cee [permissions] [D] no filters found for given permission
2016-11-11T09:22:13 93379cee [sql] [D] CACHE (0.0ms) SELECT "subnets".* FROM "subnets" WHERE "subnets"."type" IN ('Subnet::Ipv6') AND (1=0) ORDER BY vlanid
2016-11-11T09:22:13 93379cee [app] [I] Rendered subnets/index.html.erb within layouts/application (67.5ms)
The resource_type being searched for is Subnet::Ipv4 and Subnet::Ipv6, but there are not separate permissions for the IPv4/6 subnet subclasses. They should be aliased to Subnet.
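The lookup failure in the log, reduced to a small model. This is an added example, not Foreman's code or the change in the linked pull request; the `Filter` struct, the `permission_resource` method and the helper names are hypothetical, and the filter data is constructed to mirror role 46 from the log.

```ruby
# Simplified model of the permission lookup; all names here are hypothetical.
Filter = Struct.new(:role_id, :resource_type, :permissions, :search)

# Constructed data: role 46 holds one unlimited filter on resource type 'Subnet'.
FILTERS = [
  Filter.new(46, 'Subnet',
             %w[view_subnets create_subnets edit_subnets destroy_subnets import_subnets],
             nil)
].freeze

class Subnet
  # Permissions exist only for the STI base class, so subclasses inherit this alias.
  def self.permission_resource
    'Subnet'
  end
end
class Subnet::Ipv4 < Subnet; end
class Subnet::Ipv6 < Subnet; end

# Lookup keyed on the concrete class name: Subnet::Ipv4 matches no filter.
def filters_by_class_name(klass, permission)
  FILTERS.select { |f| f.resource_type == klass.name && f.permissions.include?(permission) }
end

# Lookup keyed on the aliased resource type: subclasses resolve to 'Subnet'.
def filters_by_alias(klass, permission)
  FILTERS.select { |f| f.resource_type == klass.permission_resource && f.permissions.include?(permission) }
end

# No filter yields the empty scope "(1=0)" seen in the log; an unlimited
# filter (no search string) yields no restriction at all.
def scope_condition(filters)
  return '1=0' if filters.empty?
  return '1=1' if filters.any? { |f| f.search.nil? }

  filters.map { |f| "(#{f.search})" }.join(' OR ')
end

# Regression check: model classes whose own name has no filter resource type
# and therefore depend on an alias to be authorised at all.
def classes_needing_alias(classes)
  known = FILTERS.map(&:resource_type)
  classes.map(&:name).reject { |name| known.include?(name) }
end
```

The mismatch fails closed: the user sees fewer actions than granted, never more, which is why it surfaces as greyed-out links rather than as unauthorised access.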
Updated by Dominic Cleal almost 8 years ago
- Related to Refactor #14638: Refactor Subnet into STI to allow different subnet types added
Updated by The Foreman Bot almost 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/4014 added
Updated by Daniel Lobato Garcia almost 8 years ago
- Translation missing: en.field_release set to 203
Updated by Dominic Cleal almost 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset b628f37369dead0a247bd6d5857bb2cafd223e77.