Project

General

Profile

Bug #2298

User in multiple Orgs gets 'Any Organization' option that really is any Org

Added by Jason Montleon over 6 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Organizations and Locations
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

I can create a user that belongs to a single Org and he sees vm's that belong to just his Org. But when I add a user to more than one Org he can choose any of those from the menu and see just hosts in that particular Org.

The problem is the user also gets an 'Any Organization' option (which they log in with by default) and can see vm's outside of their two Orgs. The user can also perform operations on the VM's in other Orgs, including deleting them.


Related issues

Related to Foreman - Feature #3914: Need ability to specify a default Organization for a userClosed2013-12-17
Related to Foreman - Bug #4526: Missing 'Any Location'-Option in Location Selection ListResolved2014-03-03

History

#2 Updated by Dominic Cleal over 6 years ago

  • Target version set to 1.2.0

#3 Updated by Marek Hulán over 6 years ago

This one is to be closed I think. I don't see a way to set org to nil anymore. More information is related PR.

#4 Updated by Dominic Cleal over 6 years ago

  • Status changed from New to Resolved

Thanks for confirming Marek. Let us know if you see this on 1.2 Jason, it's should be fixed now.

#5 Updated by Greg Sutcliffe about 6 years ago

  • Description updated (diff)
  • Status changed from Resolved to New
  • Target version changed from 1.2.0 to 1.3.0

#6 Updated by Jason Montleon about 6 years ago

  • Target version deleted (1.3.0)

In 1.2 creating a non-admin user assigned to multiple orgs and then logging in as them will give you nil org, allowing you to see hosts and perform actions you shouldn't be able to.

Once you select an org there is no longer an 'Any Organization' option to easily get back, but logging out and clearing your browser history is enough to get back to a nil org (logging out and back in does not seem to be sufficient).

#7 Updated by Jason Montleon about 6 years ago

in the pull I submitted above the two lines:

+ elsif !User.current.admin?
+ orgs.first

in app/controllers/application_controller.rb stop the user from getting nil org when logging in if they are a non-admin.

I don't know if there are other ways to get nil org by being crafty, but this would at least be a start.

#8 Updated by Jason Montleon about 6 years ago

  • Target version set to 1.3.0

#9 Updated by Dmitri Dolguikh almost 6 years ago

  • Status changed from New to Assigned

#10 Updated by Dmitri Dolguikh almost 6 years ago

  • Status changed from Assigned to Ready For Testing

#11 Updated by Dominic Cleal almost 6 years ago

  • Target version deleted (1.3.0)

#12 Updated by Dominic Cleal over 5 years ago

  • Related to Feature #3914: Need ability to specify a default Organization for a user added

#13 Updated by Dominic Cleal over 5 years ago

  • Related to Bug #4526: Missing 'Any Location'-Option in Location Selection List added

#14 Updated by Ori Rabin over 3 years ago

  • Status changed from Ready For Testing to Resolved

Also available in: Atom PDF