Bug #29914
User without view_organization permission cannot switch organization
Description
The top bar menu is only shown if the user has the permission which is incorrect, a user with more than one organization should be able to change their organization even without the permission.
Same is true for locations.
The source of the issue is a check for "show_{taxonomy}_tab" which is used on edit forms and shouldn't be used by the selector.
Related issues
Associated revisions
History
#1
Updated by Tomer Brisker almost 3 years ago
- Difficulty set to easy
#2
Updated by Marek Hulán almost 3 years ago
I don't think we should support such inconsistency, I'd rather grant such permission by assigning user to the organization. Note that we're probably checking view_organizations on many other places (host form selection, multi selects in objects forms, audits list).
The other option, which I like less, is, authz helpers returning true in case user is assigned to a given org.
#3
Updated by Tomer Brisker almost 3 years ago
The case here is when a user is assigned to two organizations without view_organization, they can't change to a different organization because the dropdown isn't displayed. this is a regression of the nav bar reimplementation in react, previously the navbar did show the option to change locations (e.g.: https://github.com/theforeman/foreman/blob/1.19-stable/app/views/home/_location_dropdown.html.erb)
#4
Updated by Tomer Brisker almost 3 years ago
- Related to Task #23448: react implementation for navigation bar added
#5
Updated by Tomer Brisker almost 3 years ago
- Found in Releases 1.20.0 added
#6
Updated by The Foreman Bot over 2 years ago
- Assignee set to Amir Fefer
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/7824 added
#7
Updated by The Foreman Bot over 2 years ago
- Status changed from Ready For Testing to New
- Pull request deleted (
https://github.com/theforeman/foreman/pull/7824)
#8
Updated by The Foreman Bot over 2 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/7824 added
#9
Updated by The Foreman Bot about 2 years ago
- Fixed in Releases 2.4.0 added
#10
Updated by Amir Fefer about 2 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|0c894d317b8da47b5fdb29af74c41e78591de239.
Fixes #29914 - show taxonomy switcher when no view permission