Bug #7337
closed
organizations UI does not filter resources to associate based upon RBAC
Description
The list of resources to association with an organization or location, for example subnets, does not honor the user's RBAC permissions. For example, if a user has a filter to see only subnet S1 but there are other subnets S2 and S3, all three will be displayed instead of just S1.
Also related, however, is the fact that the UI sends up the list of subnets on form submit as a group. This means that if the above case is fixed so that the user only sees S1 in the list of choices, this will lead to them effectively remove S2 and S3 if another user had added those. The UI needs to be fixed to perform separate add and remove operations on individual IDs rather than blindly posting back what it believes to be the full set.
Updated by
Updated by Dominic Cleal over 10 years ago
- Related to Bug #6760: Models should ensure the authorization of associated objects before associating them to the model added
Updated by Dominic Cleal over 10 years ago
- Related to Bug #7221: Edit organization displays associated resources for use w/o permissions added
Updated by Dominic Cleal over 10 years ago
- Category changed from Web Interface to Users, Roles and Permissions
Updated by Tomer Brisker about 10 years ago
- Status changed from New to Assigned
- Assignee set to Tomer Brisker
Updated by The Foreman Bot about 10 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/2225 added
- Pull request deleted (
)
Updated by Dominic Cleal about 10 years ago
- Translation missing: en.field_release set to 35
Updated by Anonymous about 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 887e2fd905a470cfd8d2f7db25d1b4274c548afc.
Updated by Marek Hulán almost 10 years ago
- Related to Bug #11187: Taxonomy selectors are empty even for users with assign permissions added