Bug #29914: User without view_organization permission cannot switch organization - Foreman

Actions

Copy link

Bug #29914

closed

User without view_organization permission cannot switch organization

Added by Tomer Brisker over 4 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Amir Fefer

Category:

Organizations and Locations

Target version:

Difficulty:

easy

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/7824

Fixed in Releases:

2.4.0

Found in Releases:

1.20.0

Red Hat JIRA:

Description

The top bar menu is only shown if the user has the permission which is incorrect, a user with more than one organization should be able to change their organization even without the permission.
Same is true for locations.
The source of the issue is a check for "show_{taxonomy}_tab" which is used on edit forms and shouldn't be used by the selector.

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by Tomer Brisker over 4 years ago

Difficulty set to easy

Actions

Copy link

Updated by Marek Hulán over 4 years ago

I don't think we should support such inconsistency, I'd rather grant such permission by assigning user to the organization. Note that we're probably checking view_organizations on many other places (host form selection, multi selects in objects forms, audits list).

The other option, which I like less, is, authz helpers returning true in case user is assigned to a given org.

Actions

Copy link

Updated by Tomer Brisker over 4 years ago

The case here is when a user is assigned to two organizations without view_organization, they can't change to a different organization because the dropdown isn't displayed. this is a regression of the nav bar reimplementation in react, previously the navbar did show the option to change locations (e.g.: https://github.com/theforeman/foreman/blob/1.19-stable/app/views/home/_location_dropdown.html.erb)

Actions

Copy link