Bug #19952
audits no longer visible in 1.15 if user is not administrator
Description
The audits list under Monitor => Audits is no longer visible in version 1.15 if the user doesn't have the Administrator role. The assigned role has the view_audit_logs permission in resource Audit. The Audit list is just empty ("No entries found").
Associated revisions
Fixes #19952 - Allow view_audit_logs to work
Every time the /audits page is visited by a non-admin user, it checks
whether the permission 'view_audit_logs' is for the Audit class. In
previous versions of 'audited', this was
Audited::Adapters::ActiveRecord::Audit, but right now it's simply
Audited::Audit.
To test the change, visit the page with a user that just has the
'view_audit_logs' permission. Check how without updating the
authorizer.rb file, /audits will be empty.
(cherry picked from commit 3cf5b75af76d69fc6db869a44654db1d3133c665)
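The failure mode the commit message describes, as an added example that is not part of the original ticket and is not Foreman's authorizer.rb: a permission lookup keyed on a model's class name stops matching once the dependency renames the class, so non-admin users get an empty list while admins still see everything. `Authorizer`, `STALE_MAP`, `FIXED_MAP`, `audits_for` and `unresolved_class_names` are hypothetical names, and the role and audit rows are constructed.

```ruby
# Constructed model of class-name-keyed authorization; not Foreman's authorizer.rb.
module Audited
  class Audit; end # name used by the current 'audited' gem, per the commit message
end

Permission = Struct.new(:name, :resource_type)

# Hypothetical role holding only view_audit_logs on resource "Audit".
ROLE_PERMISSIONS = [Permission.new('view_audit_logs', 'Audit')].freeze
AUDIT_ROWS = ['host updated', 'user created'].freeze # constructed sample data

# Lookup tables from model class name to permission resource type (assumed shape).
STALE_MAP = { 'Audited::Adapters::ActiveRecord::Audit' => 'Audit' }.freeze
FIXED_MAP = { 'Audited::Audit' => 'Audit' }.freeze

class Authorizer
  def initialize(permissions, class_map)
    @permissions = permissions
    @class_map = class_map
  end

  # Unmapped classes fall back to their full name, which matches no permission.
  def resource_type(klass)
    @class_map.fetch(klass.name, klass.name)
  end

  # Admins bypass the lookup; everyone else gets rows only on a match.
  def visible(klass, rows, permission, admin: false)
    return rows if admin
    type = resource_type(klass)
    granted = @permissions.any? { |p| p.name == permission && p.resource_type == type }
    granted ? rows : []
  end
end

def audits_for(class_map, admin: false)
  Authorizer.new(ROLE_PERMISSIONS, class_map)
            .visible(Audited::Audit, AUDIT_ROWS, 'view_audit_logs', admin: admin)
end

# Startup or CI check: mapped class names that no longer resolve to a constant.
def unresolved_class_names(class_map)
  class_map.keys.reject { |name| Object.const_defined?(name) }
end

puts "stale map, non-admin: #{audits_for(STALE_MAP).inspect}"
puts "stale map, admin:     #{audits_for(STALE_MAP, admin: true).inspect}"
puts "fixed map, non-admin: #{audits_for(FIXED_MAP).inspect}"
puts "unresolved names:     #{unresolved_class_names(STALE_MAP).inspect}"
```

Because the admin path never reaches the lookup, a test suite that only exercises admin users will not catch this kind of regression; a per-permission test with a non-admin role, or a check like `unresolved_class_names` after a dependency upgrade, will.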
History
#1
Updated by Daniel Lobato Garcia almost 6 years ago
I can reproduce with the current develop branch, so I assume something between 1.15 and 1.14 borked this. This sounds like a candidate for the next 1.15 patch release.
Note the permissions to show the page seem to work, it's just the content that doesn't load unless User.current == admin.
#2
Updated by The Foreman Bot almost 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/theforeman/foreman/pull/4575 added
#3
Updated by Lars Wagner almost 6 years ago
After applying your patch, the audits are visible. Thank you very much!
#4
Updated by Daniel Lobato Garcia almost 6 years ago
- Legacy Backlogs Release (now unused) set to 248
No worries, I think this definitely is a regression, so I'm marking it for 1.15.2 (to be released in a couple of weeks).
#5
Updated by Anonymous almost 6 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 3cf5b75af76d69fc6db869a44654db1d3133c665.