Project

General

Profile

Bug #21343

Organization admin should he able to work with full multitenancy

Added by Marek Hulán 10 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Organizations and Locations
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Right now the org admin works "by accident". That works in UI and for API the similar can be achieved by #16363. But in ideal case, available organizations should work based on view_organizations and assign_organizations permissions. While the feature today is limited to a single organization, we should support delegation for multiple organizations.

Reproducing steps (in both UI and API)
0. create a user with org admin role assigned to 2 organizations
1. try creating a new domain
2. it will always fail without any error message in UI, the issue is in fact that the taxonomy assignment is disallowed until user gets view_organizations and assign_organizations permissions

Expected behavior
  • After gets Org admin role (which is assigned to one or more orgs) and he's assigned to these organizations, they can create/edit resources in these.
  • This means organization filters need to be assignable to organizations (requires scoped_search definition)

Related issues

Related to Foreman - Bug #21119: [Hammer] Org Admin user cannot create user though cliClosed2017-09-27
Has duplicate Foreman - Bug #21998: A user with "Organization admin" role is not able to list resources when specifing org id in apiDuplicate2017-12-17
Blocked by Foreman - Bug #21342: Role needs to be updated if their permissions changed in new versionClosed2017-10-16
Blocked by Foreman - Bug #21629: Taxonomy select box does not print error messageClosed2017-11-10

Associated revisions

Revision 3576f8fb (diff)
Added by Marek Hulán 8 months ago

Fixes #21343 - support multiple orgs supported for non-admin users

  • Fixes #21343 - support multiple orgs supported for non-admins

This adds a full support for taxonomies in API for non-admin users. It
fixes the issue with dirty associations module that only track _ids
change. It also makes the nil a valid value for organization_id and
location_id parameters which set "Any context" explictly, so user can
override default context to any. Finally it updates the org admin role
to have permissions to see and edit organizations. That required an
enforcement of taxonomies that are being set as parent as well as
taxonomy filters being searchable by taxonomy_id. So the filter for
e.g. organzations can be correctly scoped for org admin too.

History

#1 Updated by Marek Hulán 10 months ago

  • Blocked by Bug #21342: Role needs to be updated if their permissions changed in new version added

#2 Updated by Marek Hulán 10 months ago

  • Bugzilla link set to 1502725

#3 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4917 added

#4 Updated by Marek Hulán 10 months ago

  • Related to Bug #21119: [Hammer] Org Admin user cannot create user though cli added

#5 Updated by Marek Hulán 10 months ago

  • Target version changed from 1.16.0-RC2 to 1.16.0-RC1

#6 Updated by Marek Hulán 10 months ago

  • Target version changed from 1.16.0-RC1 to 1.16.2

#7 Updated by Marek Hulán 9 months ago

  • Blocked by Bug #21629: Taxonomy select box does not print error message added

#8 Updated by Marek Hulán 9 months ago

  • Target version changed from 1.16.2 to 1.16.1

#9 Updated by Marek Hulán 8 months ago

  • Target version changed from 1.16.1 to 238

#10 Updated by Ivan Necas 8 months ago

  • Legacy Backlogs Release (now unused) set to 296
  • Status changed from Ready For Testing to Closed

#11 Updated by Tomer Brisker 8 months ago

  • Has duplicate Bug #21998: A user with "Organization admin" role is not able to list resources when specifing org id in api added

Also available in: Atom PDF