Improve permissions on resources in host creation/editing form
Users, Roles and Permissions
We can limit resources that are displayed to the user in host form using new granular permission. Or we could allow resources based on used hostgroup.
- Related to Feature #812: cant assign roles to groups, just to users added
The same applies to other resources like domains, subnets and realms which have associated smart proxies. In theory we can use .authorized and only show the proxies on the form which the user has access to, but in practice this means a user who has edit permissions on a domain but no rights to view the associated smart proxies might inadvertently unset or change the associated proxy.
Our forms need to be smarter about associations to other resources that the user doesn't have access to.
- Has duplicate Bug #6470: Hostgroup selection box does not honor create_hosts filter added
- Related to Bug #6226: if only one option for required field on new host page (ex. installation media), then automatically select it added
- Bugzilla link set to 1118312
- Related to Bug #6760: Models should ensure the authorization of associated objects before associating them to the model added
- Related to Bug #1875: user restricted to compute resource(s) can create baremetal hosts added
- Status changed from New to Assigned
- Target version set to 1.7.5
- Assignee set to Anonymous
- Target version changed from 1.7.5 to 1.7.4
- Related to Feature #7289: ACL who can add a host to hostgroup. added
- Target version deleted (
- Status changed from Assigned to New
Once a host group is created it is not possible to change puppet classes from within the host group once hosts are associated to it. However it is possible to associate puppet classes from the Configure -> Puppet -> Puppet Classes tab and check box them so they will work. The other issue is it's not possible to populate parameter overrides since I receive the error "Validation failed: Taxonomy has already been taken"
This does not seem related to this authorization issue. Please open a separate issue unless there's an existing one for the issue you have.
Edit (domcleal): #13620
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3369 added
- Has duplicate Bug #14248: Unable to control where users can build hosts added
- Bugzilla link changed from 1118312 to 1293716
- Assignee changed from Anonymous to Tomer Brisker
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- translation missing: en.field_release set to 160
- Related to Bug #18042: Host Compute Resource field does not honor view permissions added
Also available in: Atom