Bug #10644
closed
User without edit_classes permission removes host group class associations
Description
reproduce:
1 Make host group test_classes
2 Assign any puppet class to group(hosts, for example)
3 Add some parameter in group. test_param=999
4 Create user role testuser
5 Add to role filters as image:
6 Assign role testuser to some LDAP user(local not checked)
7 Login as LDAP user
8 change test_param=sdafsa, add parameter test_param2=000
9 Press Submit
10 Check Audits - some like
User IPcreated Hostgroup : test_param2 / test_classesUser IPupdated Hostgroup : test_param / test_classesUser IPremoved Hostgroup Class: 681 / test_classes
Removed test_classes from test_classes
11 Check host group classes - is empty now.
No more classes assigned to this group.
Files
Updated by Dominic Cleal almost 9 years ago
- Subject changed from users can autoerase all puppet classes assigned to group without any desire to User without edit_classes permission removes host group class associations
- Category set to Users, Roles and Permissions
Untested, but sounds like it's when the user's missing the edit_classes permission.
Updated by Anatoly Zhestov almost 9 years ago
Dominic Cleal wrote:
Untested, but sounds like it's when the user's missing the edit_classes permission.
Exactly. But i need of user who's not have this permission.
Updated by Anatoly Zhestov almost 9 years ago
UPDATE!
Bug caused by filter:
Audited/adapters/active record/audit view_audit_logs hostgroup = test_classes
With checked "unlimited" in filter view_audit_logs () - no any class deleted!
Updated by Anatoly Zhestov almost 9 years ago
ups. error.
Right is:
Host class edit_classes Toggle_check none
Updated by Anonymous