Adding global filters only possible by (super)admin #6253
Conversation
| @@ -48,7 +48,7 @@ def adv_search_button_saveid | |||
| add_flash(_("Search Name is required"), :error) if params[:button] == 'saveit' | |||
| false | |||
| else | |||
| s = @edit[@expkey].build_search(@edit[:new_search_name], @edit[:search_type], session[:userid]) | |||
| s = @edit[@expkey].build_search(@edit[:new_search_name], current_user.super_admin_user? || current_user.super_admin_user? ? @edit[:search_type] : nil, session[:userid]) | |||
There was a problem hiding this comment.
Why is current_user.super_admin_user? || current_user.super_admin_user? ? @edit[:search_type] : nil needed here?
There was a problem hiding this comment.
It solves the following bug:
User can load a custom filter made by the admin ..
.. and save a changed version of this.
Now the filter will be seen by all users, not only of his own tenant.
This is because the loaded filter will adopt the search type of the used filter. So when a user loads an global filter, his changed version will also be global. This proposed change fixes this, by only allowing admins and superadmins to save filters as global filters
There was a problem hiding this comment.
Right. But why would you need to do
current_user.super_admin_user? || current_user.super_admin_user??
i.e. why do you need true || true (or false || false) here?
There was a problem hiding this comment.
Oops.. Of course that had to be admin and super_admin. I overlooked it both after your comment and after writing it. I changed it
Adding global filters only for (super)admin
|
Checked commit https://github.com/Nadkine/manageiq-ui-classic/commit/af9b2bc0f8709aac88e65f182f017bb90a1770c4 with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0 |
|
@mzazrivec what is the status of this PR? |
|
@h-kataria if you have a chance, please review |
| @@ -48,7 +48,7 @@ def adv_search_button_saveid | |||
| add_flash(_("Search Name is required"), :error) if params[:button] == 'saveit' | |||
| false | |||
| else | |||
| s = @edit[@expkey].build_search(@edit[:new_search_name], @edit[:search_type], session[:userid]) | |||
| s = @edit[@expkey].build_search(@edit[:new_search_name], current_user.admin_user? || current_user.super_admin_user? ? @edit[:search_type] : nil, session[:userid]) | |||
There was a problem hiding this comment.
@Nadkine admin_user? method does not exist, you should only check for current_user.super_admin_user?
|
@Nadkine also need to make sure that the checkbox "Global Search" on the "Save" filter screen is only visible to super admin or an admin user |
|
Unfortunately I'm not able to work on this issue anymore |
This PR addresses issues mention in ManageIQ#6253
|
closing in favor of #6723 |
- Any features that are common thru out the UI, are accessible from multiple screens in UI can live in this section. Example of such feature is Advanced search that is available thru out the UI and cannot be added as an individual feature under any one section. - New feature added in this PR addresses an issue where in the past only Super Admin user and Admin user could add Global filters for everyone to see, but now as we have different types of Admin users it is better to have this as a product feature. Without this fix currently anyone can add global filters in UI. This PR addresses issues mention in ManageIQ/manageiq-ui-classic#6253
Changed code to check for newly added product feature to determine whether a user is allowed to add global filters or not, instead of checking if a user is super admin or admin user. This PR addresses issues mention in ManageIQ#6253
Changed code to check for newly added product feature to determine whether a user is allowed to add global filters or not, instead of checking if a user is super admin or admin user. This PR addresses issues mention in ManageIQ#6253
Our tenants are able to add global filters for VM's by loading a global filter (which is already added by an admin) in the 'advanced search ' tab, then editing and saving it. The fact that other tenants can see these filters obviously shouldn't be possible. I think the adding of global filters should only be able for admin and super admin users. The proposed change might not be the most elegant one, but fixes the described bug.