Bug #2298
closedUser in multiple Orgs gets 'Any Organization' option that really is any Org
Description
I can create a user that belongs to a single Org and he sees vm's that belong to just his Org. But when I add a user to more than one Org he can choose any of those from the menu and see just hosts in that particular Org.
The problem is the user also gets an 'Any Organization' option (which they log in with by default) and can see vm's outside of their two Orgs. The user can also perform operations on the VM's in other Orgs, including deleting them.
Updated by Anonymous over 11 years ago
Updated by Marek Hulán over 11 years ago
This one is to be closed I think. I don't see a way to set org to nil anymore. More information is related PR.
Updated by Dominic Cleal over 11 years ago
- Status changed from New to Resolved
Thanks for confirming Marek. Let us know if you see this on 1.2 Jason, it's should be fixed now.
Updated by Greg Sutcliffe about 11 years ago
- Description updated (diff)
- Status changed from Resolved to New
- Target version changed from 1.2.0 to 1.3.0
Updated by Anonymous about 11 years ago
- Target version deleted (
1.3.0)
In 1.2 creating a non-admin user assigned to multiple orgs and then logging in as them will give you nil org, allowing you to see hosts and perform actions you shouldn't be able to.
Once you select an org there is no longer an 'Any Organization' option to easily get back, but logging out and clearing your browser history is enough to get back to a nil org (logging out and back in does not seem to be sufficient).
Updated by Anonymous about 11 years ago
in the pull I submitted above the two lines:
+ elsif !User.current.admin?
+ orgs.first
in app/controllers/application_controller.rb stop the user from getting nil org when logging in if they are a non-admin.
I don't know if there are other ways to get nil org by being crafty, but this would at least be a start.
Updated by Anonymous about 11 years ago
- Status changed from Assigned to Ready For Testing
Updated by Dominic Cleal almost 11 years ago
- Related to Feature #3914: Need ability to specify a default Organization for a user added
Updated by Dominic Cleal over 10 years ago
- Related to Bug #4526: Missing 'Any Location'-Option in Location Selection List added
Updated by Ori Rabin over 8 years ago
- Status changed from Ready For Testing to Resolved