Broken hound #4172
Conversation
In this scenario:

1. User has one organization, "E-Corp", which allows the user to see every host group (via selecting "all host groups" when editing the organization).
2. User has a location "Czech republic" that also includes all host groups through that checkbox.
3. User visits /hostgroups with "any context" selected, or "E-Corp/any location", or "any organization/Czech republic".

The result is that the user does not see all host groups even though there's an organization/location combination (E-Corp/Czech republic) that should allow the user to see all host groups.

The reason is that when `Hostgroup.taxable_ids` is called, `Organization.ignore?` does not realize that it should look in all Organizations to see if any of them 'ignores' (has "all host groups" checked) the resource. The same thing happens with Locations. The fix is to make `ignore?` aware that `Organization.current == nil` means 'Any organization', not 'No organization'.
The default scope for hosts and other objects did not restrict properly by taxonomies. A user without organizations or locations could do anything its permissions allow. The list of hosts was unrestricted and showed hosts in any location or organization. This is fixed to work so that:

- Users without taxonomies, when set to 'any context', cannot see anything (at all).
- Users with taxonomies, when set to 'any context', can see everything within all of their taxonomies' context (including children taxonomies).
- Admins set to 'any context' can see everything, regardless of whether it has a taxonomy or not.
- Users or admins set to some organization/location scope can only see stuff within scope.
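The scoping rules the PR describes (nil context means "any of the user's taxonomies", a taxonomy with "all host groups" checked widens the scope to every host group, non-admins without taxonomies see nothing, admins in any context see everything) are easy to get wrong, so here is a small stand-alone model of them. This is an added example, not Foreman's code: `Taxonomy`, `User`, `applicable`, `ignore?`, `taxable_ids` and `visible_hostgroup_ids` are illustrative names, the data in `demo` is constructed to match the E-Corp/Czech republic scenario, and it assumes both organization and location scoping are enabled so a host group must be reachable under each.

```ruby
# Added example (not Foreman's code): a model of the taxonomy-scoping rules
# described above. All class and method names are assumptions for illustration.

Taxonomy = Struct.new(:name, :ignore_all, :hostgroup_ids, :children) do
  # Users assigned to a taxonomy also see its child taxonomies.
  def with_descendants
    [self] + children.flat_map(&:with_descendants)
  end

  # Host groups this single taxonomy exposes. "all host groups" checked
  # (ignore_all) means every host group, not just the assigned ones.
  def exposed_ids(all_ids)
    ignore_all ? all_ids : hostgroup_ids
  end
end

User = Struct.new(:admin, :organizations, :locations)

# Taxonomies of one kind that apply to the request.
# current == nil means "any": every taxonomy of that kind for admins, all of
# the user's own taxonomies (with descendants) for everyone else. It is never
# treated as "no taxonomy", which was the bug.
def applicable(all_of_kind, user_taxonomies, current, user)
  return [current] unless current.nil?
  return all_of_kind if user.admin
  user_taxonomies.flat_map(&:with_descendants).uniq
end

# The ignore? decision the PR fixes: the resource is fully visible if ANY
# applicable taxonomy has "all host groups" checked, not only the current one.
def ignore?(taxonomies)
  taxonomies.any?(&:ignore_all)
end

def taxable_ids(taxonomies, all_ids)
  return all_ids if ignore?(taxonomies)
  taxonomies.flat_map { |t| t.exposed_ids(all_ids) }.uniq
end

# Host groups a user may see under a (possibly nil) organization/location.
def visible_hostgroup_ids(user, all_ids, all_orgs, all_locs, current_org = nil, current_loc = nil)
  # Admins in "any context" see everything regardless of taxonomy membership.
  return all_ids if user.admin && current_org.nil? && current_loc.nil?
  # Non-admins with no taxonomies at all see nothing in "any context".
  return [] if !user.admin && user.organizations.empty? && user.locations.empty?
  orgs = applicable(all_orgs, user.organizations, current_org, user)
  locs = applicable(all_locs, user.locations, current_loc, user)
  # Assumption: both scopes are enabled, so a host group must be visible under each.
  taxable_ids(orgs, all_ids) & taxable_ids(locs, all_ids)
end

# Constructed scenario from the PR description: E-Corp and Czech republic both
# have "all host groups" checked; ACME only exposes host group 1.
def demo
  all_ids = [1, 2, 3]
  e_corp = Taxonomy.new('E-Corp', true, [], [])
  acme   = Taxonomy.new('ACME', false, [1], [])
  czech  = Taxonomy.new('Czech republic', true, [], [])
  orgs = [e_corp, acme]
  locs = [czech]
  user   = User.new(false, [e_corp], [czech])
  nobody = User.new(false, [], [])
  admin  = User.new(true, [], [])
  {
    any_context:       visible_hostgroup_ids(user, all_ids, orgs, locs),
    e_corp_any_loc:    visible_hostgroup_ids(user, all_ids, orgs, locs, e_corp, nil),
    any_org_czech:     visible_hostgroup_ids(user, all_ids, orgs, locs, nil, czech),
    acme_scoped_user:  visible_hostgroup_ids(User.new(false, [acme], [czech]), all_ids, orgs, locs),
    no_taxonomies:     visible_hostgroup_ids(nobody, all_ids, orgs, locs),
    admin_any_context: visible_hostgroup_ids(admin, all_ids, orgs, locs),
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The three failing cases from the description (`any_context`, `e_corp_any_loc`, `any_org_czech`) all resolve to every host group because `applicable` expands a nil context to the user's taxonomies and `ignore?` checks all of them; a user whose only organization exposes a single host group is still limited to it, and a user with no taxonomies gets nothing.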
@dLobatog, thanks for your PR! By analyzing the history of the files in this pull request, we identified @isratrade, @ares and @GregSutcliffe to be potential reviewers.
```ruby
assert_difference "Organization.unscoped.count", 1 do
  post :create, {
    :organization => organization_dup.selected_ids.each { |_,v| v.uniq! }
      .merge(:name => 'organization_dup_name')
  }
end
```
Place the . on the previous line, together with the method call receiver.
```ruby
assert_difference "Location.unscoped.count", 1 do
  post :create, {
    :location => location_dup.selected_ids.each { |_,v| v.uniq! }
      .merge(:name => 'location_dup_name')
  }
end
```
Place the . on the previous line, together with the method call receiver.