Organization and Location for new resources

Hello,

I don't understand how to assign Org/Loc to my resource I am working on
(it's discovery rules actually but it applies to everything in Foreman).
Example workflow:

  • create a role with view_partition_tables and create_part_tables
  • give the role view_organizations/view_locations as well (unlimited)
  • sign in and create new part table
  • submit the form
  • an error occurs (*)
  • no error message displayed on screen
  • Organization/Location tabs are visible but empty

(*) Failed to save: Organization ids Invalid organizations selection,
you must select at least one of yours, Location ids Invalid locations
selection, you must select at least one of yours

I am currently not able to select any Organization/Location from the
tabs as I see nothing there. I am working under Any Organization
context, but tried to switch to particular Organization as well without
success. Also tried to assign an Organization using filter to the user
but it does not appear in the Org selector as well.

Can someone explain to me what do I miss here? Must be some kind of
permission that is missing.

··· -- Later, Lukas #lzap Zapletal

Hi

putting some explanation below in text

> Hello,
>
> I don't understand how to assign Org/Loc to my resource I am working on
> (it's discovery rules actually but it applies to everything in Foreman).
> Example workflow:
>
> - create a role with view_partition_tables and create_part_tables
> - give the role view_organizations/view_locations as well (unlimited)
> - sign in and create new part table
> - submit the form
> - an error occurs ()
> - no error message displayed on screen
> - Organization/Location tabs are visible but empty
>
> (
) Failed to save: Organization ids Invalid organizations selection,
> you must select at least one of yours, Location ids Invalid locations
> selection, you must select at least one of yours

I suppose the user is not administrator, so the first question should be - is
user assigned to some organizations/locations? I assume in this case the
answer is yes, see below

> I am currently not able to select any Organization/Location from the
> tabs as I see nothing there. I am working under Any Organization
> context, but tried to switch to particular Organization as well without
> success. Also tried to assign an Organization using filter to the user
> but it does not appear in the Org selector as well.

If the user can choose specific context he's likely assigned to these orgs and
locs and have correct view_organizations and view_locations permissions. But
to assign taxonomies he must also have assign_organizations and
assign_locations permissions. The reason is that by assigning resources to
another taxonomies you make it potentially available for other users so you
have to be careful about who you grant these permissions to. View permissions
are not enough as they are needed for just accessing the data in particular
taxonomy.

> Can someone explain to me what do I miss here? Must be some kind of
> permission that is missing.

Unfortunately you found a bug that was introduced in [1]. I think this patch
could never work with taxonomies select, which btw indicates that Foreman
nightly/1.9 users don't delegate taxonomies management to non-admin users.

I've opened an issue [2] and will try to send fixing PR today.

[1] https://github.com/theforeman/foreman/commit/887e2fd9
[2] Bug #11187: Taxonomy selectors are empty even for users with assign permissions - Foreman

Hope this make it a bit clearer.

··· On Wednesday 22 of July 2015 09:44:03 Lukas Zapletal wrote:


Marek