Project

General

Profile

Bug #29914

User without view_organization permission cannot switch organization

Added by Tomer Brisker over 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Organizations and Locations
Target version:
-
Difficulty:
easy
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

The top bar menu is only shown if the user has the permission which is incorrect, a user with more than one organization should be able to change their organization even without the permission.
Same is true for locations.
The source of the issue is a check for "show_{taxonomy}_tab" which is used on edit forms and shouldn't be used by the selector.


Related issues

Related to Foreman - Task #23448: react implementation for navigation barClosed

Associated revisions

Revision 0c894d31 (diff)
Added by Amir Fefer 10 months ago

Fixes #29914 - show taxonomy switcher when no view permission

History

#1 Updated by Tomer Brisker over 1 year ago

  • Difficulty set to easy

#2 Updated by Marek Hulán over 1 year ago

I don't think we should support such inconsistency, I'd rather grant such permission by assigning user to the organization. Note that we're probably checking view_organizations on many other places (host form selection, multi selects in objects forms, audits list).

The other option, which I like less, is, authz helpers returning true in case user is assigned to a given org.

#3 Updated by Tomer Brisker over 1 year ago

The case here is when a user is assigned to two organizations without view_organization, they can't change to a different organization because the dropdown isn't displayed. this is a regression of the nav bar reimplementation in react, previously the navbar did show the option to change locations (e.g.: https://github.com/theforeman/foreman/blob/1.19-stable/app/views/home/_location_dropdown.html.erb)

#4 Updated by Tomer Brisker over 1 year ago

  • Related to Task #23448: react implementation for navigation bar added

#5 Updated by Tomer Brisker over 1 year ago

  • Found in Releases 1.20.0 added

#6 Updated by The Foreman Bot over 1 year ago

  • Assignee set to Amir Fefer
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7824 added

#7 Updated by The Foreman Bot 12 months ago

  • Status changed from Ready For Testing to New
  • Pull request deleted (https://github.com/theforeman/foreman/pull/7824)

#8 Updated by The Foreman Bot 12 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7824 added

#9 Updated by The Foreman Bot 10 months ago

  • Fixed in Releases 2.4.0 added

#10 Updated by Amir Fefer 10 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF