Project

General

Profile

Bug #34332

usability issues for user without execute_jobs_on_infrastructure_hosts permissions

Added by Adam Ruzicka 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2046281

Description of problem:

User without execute_jobs_on_infrastructure_hosts permission is not able to run rex jobs against Satellite and Capsule, but the UI does not sufficiently reflect this

Version-Release number of selected component (if applicable):

How reproducible:
always

Steps to Reproduce:

Case1:
1. have a user with job invocations perms but without execute_jobs_on_infrastructure_hosts permission (e.g. Rex Manager role)
2. On the hosts page, select just the satellite or capsule host.
3. Select Select Action > Schedule remote job
4. In the Rex job dialog, the search query is prefilled with "name ^ ()"

This allows user to trigger the job as the form validation doesn't trigger on a non-empty search field

Case2:
1. having the same user, navigate to the sat or capsule host details
2. "Schedule remote job" button is active and triggers the Rex form with "name ^ ()" prefilled

Actual results:
User can run a job against no hosts

Expected results:
In case 1 the search query field should be empty, in case 2 the "Schedule remote job" button should be disabled

Additional info:


Related issues

Related to Ansible - Bug #34333: Ansible should take special infra role permission into account when displaying buttonsNew
Related to Leapp - Bug #34331: Leapp does not check permissions when generating host action buttonsNew

Associated revisions

Revision 1e286ddc (diff)
Added by Adam Ruzicka 5 months ago

Fixes #34332 - Do not prefill search query when no hosts

Revision a98967ee (diff)
Added by Adam Ruzicka 5 months ago

Fixes #34332 - Do not show buttons when unauthorized

History

#1 Updated by Adam Ruzicka 5 months ago

  • Related to Bug #34333: Ansible should take special infra role permission into account when displaying buttons added

#2 Updated by Adam Ruzicka 5 months ago

  • Related to Bug #34331: Leapp does not check permissions when generating host action buttons added

#3 Updated by The Foreman Bot 5 months ago

  • Assignee set to Adam Ruzicka
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman_remote_execution/pull/688 added

#4 Updated by The Foreman Bot 5 months ago

  • Fixed in Releases added

#5 Updated by Adam Ruzicka 5 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Adam Ruzicka 4 months ago

  • Fixed in Releases foreman_remote_execution-5.0.2 added

#7 Updated by Adam Ruzicka 4 months ago

  • Fixed in Releases foreman_remote_execution-6.0.0 added
  • Fixed in Releases deleted ()

Also available in: Atom PDF