Bug #2298

closed

User in multiple Orgs gets 'Any Organization' option that really is any Org

Added by Anonymous about 11 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Organizations and Locations
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I can create a user that belongs to a single Org and he sees VMs that belong to just his Org. But when I add a user to more than one Org he can choose any of those from the menu and see just hosts in that particular Org.

The problem is the user also gets an 'Any Organization' option (which they log in with by default) and can see VMs outside of their two Orgs. The user can also perform operations on the VMs in other Orgs, including deleting them.


Related issues: 2 (0 open, 2 closed)

  • Related to Foreman - Feature #3914: Need ability to specify a default Organization for a user (Closed, Daniel Lobato Garcia, 12/17/2013)
  • Related to Foreman - Bug #4526: Missing 'Any Location'-Option in Location Selection List (Resolved, 03/03/2014)
Actions #2

Updated by Dominic Cleal almost 11 years ago

  • Target version set to 1.2.0
Actions #3

Updated by Marek Hulán almost 11 years ago

This one is to be closed I think. I don't see a way to set org to nil anymore. More information is in the related PR.

Actions #4

Updated by Dominic Cleal almost 11 years ago

  • Status changed from New to Resolved

Thanks for confirming Marek. Let us know if you see this on 1.2 Jason, it should be fixed now.

Actions #5

Updated by Greg Sutcliffe over 10 years ago

  • Description updated (diff)
  • Status changed from Resolved to New
  • Target version changed from 1.2.0 to 1.3.0
Actions #6

Updated by Anonymous over 10 years ago

  • Target version deleted (1.3.0)

In 1.2 creating a non-admin user assigned to multiple orgs and then logging in as them will give you nil org, allowing you to see hosts and perform actions you shouldn't be able to.

Once you select an org there is no longer an 'Any Organization' option to easily get back, but logging out and clearing your browser history is enough to get back to a nil org (logging out and back in does not seem to be sufficient).
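
The failure mode reported above (a nil current org acting as "no filter" for a non-admin) next to a fail-closed scope, as an added example in plain Ruby. It is not Foreman's code or the pull request's; `Host`, `User`, `effective_orgs` and the sample data are hypothetical names constructed for illustration.

```ruby
# Constructed sample data: each host is owned by one organization.
Host = Struct.new(:name, :org)
User = Struct.new(:login, :admin, :orgs)

HOSTS = [
  Host.new("web01", "OrgA"),
  Host.new("db01",  "OrgB"),
  Host.new("ci01",  "OrgC")
].freeze

# Constructed non-admin user who belongs to two of the three orgs.
MULTI_ORG_USER = User.new("multi_org_user", false, %w[OrgA OrgB])

# Behaviour described in the report: nil current org means "no filter",
# no matter who is asking.
def visible_hosts_nil_is_any(_user, current_org)
  return HOSTS if current_org.nil?
  HOSTS.select { |h| h.org == current_org }
end

# Fail-closed: the scope is always derived from the user's memberships,
# so a nil (or forged) current org can never widen it for a non-admin.
def effective_orgs(user, current_org)
  return (current_org ? [current_org] : :any) if user.admin
  return user.orgs if current_org.nil? # "any" means any of the user's orgs
  user.orgs.include?(current_org) ? [current_org] : []
end

def visible_hosts_scoped(user, current_org)
  scope = effective_orgs(user, current_org)
  return HOSTS if scope == :any
  HOSTS.select { |h| scope.include?(h.org) }
end

def names(hosts)
  hosts.map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  puts "nil means any:  #{names(visible_hosts_nil_is_any(MULTI_ORG_USER, nil))}"
  puts "fail-closed:    #{names(visible_hosts_scoped(MULTI_ORG_USER, nil))}"
end
```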

Actions #7

Updated by Anonymous over 10 years ago

In the pull I submitted above, the two lines:

+ elsif !User.current.admin?
+ orgs.first
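
Review bot: `orgs.first` in the new `elsif !User.current.admin?` branch is nil when `orgs` is empty, so a non-admin with no organizations would still end up with the nil org this branch is meant to prevent; handle the empty case explicitly (for example, refuse the request) instead of passing nil through. The default also depends on whatever order `orgs` happens to have, which these lines do not fix, so sorting it or using an explicit per-user default would make the selected org predictable.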

in app/controllers/application_controller.rb stop the user from getting nil org when logging in if they are a non-admin.

I don't know if there are other ways to get nil org by being crafty, but this would at least be a start.

Actions #8

Updated by Anonymous over 10 years ago

  • Target version set to 1.3.0
Actions #9

Updated by Anonymous over 10 years ago

  • Status changed from New to Assigned
Actions #10

Updated by Anonymous over 10 years ago

  • Status changed from Assigned to Ready For Testing
Actions #11

Updated by Dominic Cleal over 10 years ago

  • Target version deleted (1.3.0)
Actions #12

Updated by Dominic Cleal over 10 years ago

  • Related to Feature #3914: Need ability to specify a default Organization for a user added
Actions #13

Updated by Dominic Cleal about 10 years ago

  • Related to Bug #4526: Missing 'Any Location'-Option in Location Selection List added
Actions #14

Updated by Ori Rabin about 8 years ago

  • Status changed from Ready For Testing to Resolved