Broken hound #4172
Closed
Broken hound #4172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In this scenario:
1. User has one organization - "E-Corp" - this organization allows the
user to see every hostgroup (via selecting "all host groups" when
editing the organization).
2. User has a location "Czech republic" that also includes all host
groups through that checkbox.
3. User visits /hostgroups with "any context" selected, or "E-Corp/any
location", or "any organization/Czech republic". The result is that the
user does not see all host groups even though there's an
organization/location combination (e-corp/czech republic) that should
allow the user to see all host groups.
---
The reason is that when `Hostgroup.taxable_ids` is called
`Organization.ignore?` does not realize that there it should look in all
Organizations to see if any of them 'ignores' (has "all host groups"
checked) the resource. The same thing happens with Locations.
The fix is to make `ignore?` aware the 'Organization.current == nil'
means 'Any organization', not 'No organization'.
The default scope for hosts and other objects did not restrict properly by taxonomies. An user without organizations or locations, could do anything it's permissions allow to. The list of hosts was unrestricted and showed hosts in any location or organization. This is fixed to work so that: Users without taxonomies, when set to 'any context' cannot see anything (at all) Users with taxonomies, when set to 'any context' can see everything within all of their taxonomies context (including children taxonomies). Admins set to 'any context' can see everything - regardless of whether it has a taxonomy or not. Users or admins set to some organization/location scope can only see stuff within scope.
|
@dLobatog, thanks for your PR! By analyzing the history of the files in this pull request, we identified @isratrade, @ares and @GregSutcliffe to be potential reviewers. |
houndci-bot
reviewed
Jan 10, 2017
| assert_difference "Organization.unscoped.count", 1 do | ||
| post :create, { | ||
| :organization => organization_dup.selected_ids.each { |_,v| v.uniq! } | ||
| .merge(:name => 'organization_dup_name') |
There was a problem hiding this comment.
Place the . on the previous line, together with the method call receiver.
houndci-bot
reviewed
Jan 10, 2017
| assert_difference "Location.unscoped.count", 1 do | ||
| post :create, { | ||
| :location => location_dup.selected_ids.each { |_,v| v.uniq! } | ||
| .merge(:name => 'location_dup_name') |
There was a problem hiding this comment.
Place the . on the previous line, together with the method call receiver.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.