Project

General

Profile

Bug #5235

Filter creation allows me to enter and save with a field that isn't available for searching and blows up the resulting entity page

Added by Eric Helms over 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
High
Category:
Authorization
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

1. Create a New Role
2. Click to add new Filter
3. Select 'Domain'
4. Add all permissions for Domain
5. Enter 'anything = 4' into the Search box
6. click 'Submit' (Note: no validation to stop you from saving this invalid filter)
7. Grant Role to user without any other permissions
8. Log in as new user
9. Navigate to Domains page
10. Attempt to create a Domain

Error output "Invalid search query: Field 'anything' not recognized for searching!"


Related issues

Related to Foreman - Bug #6830: upgrade 1.4.5 to 1.5.2 results in "Invalid search query" errorClosed2014-07-30
Blocks Foreman - Tracker #4552: New permissions/authorization system issuesNew

Associated revisions

Revision 0545fd10 (diff)
Added by Dmitri Dolguikh about 5 years ago

fixes #5235: it's impossible to create filters with invaid searches

Revision 4dbf7958 (diff)
Added by Dmitri Dolguikh almost 5 years ago

fixes #5235: it's impossible to create filters with invaid searches

(cherry picked from commit 0545fd10e610f350e1b43783d3073ab2296bdf33)

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category set to Authorization

#2 Updated by Dominic Cleal about 5 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added

#3 Updated by Dmitri Dolguikh about 5 years ago

  • Status changed from New to Assigned
  • Assignee set to Dmitri Dolguikh

#4 Updated by Dmitri Dolguikh about 5 years ago

  • Status changed from Assigned to Ready For Testing

#5 Updated by Dominic Cleal about 5 years ago

  • Target version set to 1.8.1

#6 Updated by Dmitri Dolguikh about 5 years ago

  • Target version changed from 1.8.1 to 1.8.0

#7 Updated by Dominic Cleal about 5 years ago

  • Legacy Backlogs Release (now unused) set to 18

#8 Updated by Anonymous about 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#9 Updated by Bryan Kearney about 5 years ago

  • Bugzilla link set to 1117832

#10 Updated by Dominic Cleal almost 5 years ago

  • Related to Bug #6830: upgrade 1.4.5 to 1.5.2 results in "Invalid search query" error added

Also available in: Atom PDF