Hello,
Has anyone else hit this issue? 
We did clean install today of Foreman 1.1 and it seems to have the same
problem that user is not able to install new vm (select domain, subnet
etc.) unless user is marked as admin. Could someone confirm if this is "how
it is supposed to work" or do I have some kind of misconfiguration
somewhere?
torstai, 7. helmikuuta 2013 18.53.18 UTC+2 Samuli Heinonen kirjoitti:
Hi Samuli,
Sorry for the delayed response, I've just tested this and can confirm
I'm seeing the same.
I believe this is due to a security fix we put into 1.1RC5, which was
preventing authorisation bypass in Foreman on certain types of HTTP
requests (XMLHttpRequests). I think the fix is now blocking many
interactive components in the UI for non-admin users.
We received this PR to fix the auto-completion functionality for
instance: https://github.com/theforeman/foreman/pull/401
Could I ask you to open a bug with the logs and other info?
http://projects.theforeman.org/projects/foreman/issues/new
Thanks,
On 11/02/13 17:19, Samuli Heinonen wrote:
Hello,
Has anyone else hit this issue?
We did clean install today of Foreman 1.1 and it seems to have the same
problem that user is not able to install new vm (select domain, subnet
etc.) unless user is marked as admin. Could someone confirm if this is
"how it is supposed to work" or do I have some kind of misconfiguration
somewhere?torstai, 7. helmikuuta 2013 18.53.18 UTC+2 Samuli Heinonen kirjoitti:
Hello all, I upgraded today from Foreman 1.0.2 to 1.1 and now I'm facing bit strange issue. User without admin privileges isn't able to install new hosts with Foreman. I have tried setting all roles and settings on but no luck there. New host form opens as expected but when user tries to select "Deploy on", "Environment", "Host group", "Domain" nothing happens and it shows following messages in log file (this happens when user selects domain in network tab): --- Started POST "/hosts/domain_selected" for x.x.x.x at Thu Feb 07 12:15:09 +0200 2013 Processing by HostsController#domain_selected as Parameters: {"domain_id"=>"11", "organization_id"=>"2"} User Load (0.2ms) SELECT `users`.* FROM `users` WHERE `users`.`id` = 3 LIMIT 1 Setting current user thread-local variable to user Setting Load (0.2ms) SELECT `settings`.* FROM `settings` WHERE `settings`.`name` = 'authorize_login_delegation' ORDER BY LOWER(settings.name <http://settings.name>) LIMIT 1 CACHE (0.0ms) SELECT `settings`.* FROM `settings` WHERE `settings`.`name` = 'authorize_login_delegation' ORDER BY LOWER(settings.name <http://settings.name>) LIMIT 1 TaxableTaxonomy Load (0.3ms) SELECT DISTINCT `taxable_taxonomies`.taxonomy_id FROM `taxable_taxonomies` WHERE (`taxable_taxonomies`.taxable_id = 3 AND `taxable_taxonomies`.taxable_type = 'User') SQL (0.2ms) SELECT COUNT(*) FROM `taxonomies` WHERE `taxonomies`.`type` = 'Organization' AND ( (taxonomies.id <http://taxonomies.id> in (1,2))) Organization Load (0.3ms) SELECT `taxonomies`.* FROM `taxonomies` WHERE `taxonomies`.`type` = 'Organization' AND ( (taxonomies.id <http://taxonomies.id> in (1,2))) ORDER BY type, name LIMIT 1 Setting current organization thread-local variable to organization Role Load (0.2ms) SELECT `roles`.* FROM `roles` INNER JOIN `user_roles` ON `roles`.id = `user_roles`.role_id WHERE ((`user_roles`.user_id = 3)) Rendered common/403.rhtml (0.8ms) Completed 403 Forbidden in 46ms (Views: 4.1ms | ActiveRecord: 3.3ms) --- If I give user administrator privileges everything works as planned. Any ideas what might be wrong? Cheers, Samuli Heinonen–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Hello Dominic.
Thank you for your response. I have opened bug of this issue,
Bug #2198: Unable to install new hosts with regular users - Foreman. Please let me know if you
need more information or log files.
-samuli
Hi Samuli,
Thanks, I'm working on it at the moment. We intend to release a fix for
1.1.
On 12/02/13 10:20, Samuli Heinonen wrote:
Hello Dominic.
Thank you for your response. I have opened bug of this issue,
Bug #2198: Unable to install new hosts with regular users - Foreman. Please let me know if you
need more information or log files.-samuli
On 12.02.2013 11:45, Dominic Cleal wrote:
Hi Samuli,
Sorry for the delayed response, I’ve just tested this and can confirm
I’m seeing the same.I believe this is due to a security fix we put into 1.1RC5, which was
preventing authorisation bypass in Foreman on certain types of HTTP
requests (XMLHttpRequests). I think the fix is now blocking many
interactive components in the UI for non-admin users.We received this PR to fix the auto-completion functionality for
instance: https://github.com/theforeman/foreman/pull/401Could I ask you to open a bug with the logs and other info?
ForemanThanks,
–
Dominic Cleal
Red Hat EngineeringOn 11/02/13 17:19, Samuli Heinonen wrote:
Hello,
Has anyone else hit this issue?
We did clean install today of Foreman 1.1 and it seems to have the
same
problem that user is not able to install new vm (select domain,
subnet
etc.) unless user is marked as admin. Could someone confirm if this
is
"how it is supposed to work" or do I have some kind of
misconfiguration
somewhere?torstai, 7. helmikuuta 2013 18.53.18 UTC+2 Samuli Heinonen
kirjoitti:Hello all, I upgraded today from Foreman 1.0.2 to 1.1 and now I'm facingbit
strange issue. User without admin privileges isn’t able to
install
new hosts with Foreman. I have tried setting all roles and
settings
on but no luck there. New host form opens as expected but when
user
tries to select “Deploy on”, “Environment”, “Host group”,
"Domain"
nothing happens and it shows following messages in log file
(this
happens when user selects domain in network tab):--- Started POST "/hosts/domain_selected" for x.x.x.x at Thu Feb 0712:15:09 +0200 2013
Processing by HostsController#domain_selected as
Parameters: {“domain_id”=>“11”, “organization_id”=>“2”}
User Load (0.2ms) SELECTusers.* FROMusersWHERE
users.id= 3 LIMIT 1
Setting current user thread-local variable to user
Setting Load (0.2ms) SELECTsettings.* FROMsettings
WHEREsettings.name= ‘authorize_login_delegation’ ORDER BY
LOWER(settings.name http://settings.name) LIMIT 1
CACHE (0.0ms) SELECTsettings.* FROMsettingsWHERE
settings.name= ‘authorize_login_delegation’ ORDER BY
LOWER(settings.name http://settings.name) LIMIT 1
TaxableTaxonomy Load (0.3ms) SELECT DISTINCT
taxable_taxonomies.taxonomy_id FROMtaxable_taxonomiesWHERE
(taxable_taxonomies.taxable_id = 3 AND
taxable_taxonomies.taxable_type = ‘User’)
SQL (0.2ms) SELECT COUNT() FROMtaxonomiesWHERE
taxonomies.type= ‘Organization’ AND ( (taxonomies.id
http://taxonomies.id in (1,2)))
Organization Load (0.3ms) SELECTtaxonomies. FROM
taxonomiesWHEREtaxonomies.type= ‘Organization’ AND (
(taxonomies.id http://taxonomies.id in (1,2))) ORDER BY type, name
LIMIT 1
Setting current organization thread-local variable to
organization
Role Load (0.2ms) SELECTroles.* FROMrolesINNER JOIN
user_rolesONroles.id =user_roles.role_id WHERE
((user_roles.user_id = 3))
Rendered common/403.rhtml (0.8ms)
Completed 403 Forbidden in 46ms (Views: 4.1ms | ActiveRecord:
3.3ms)--- If I give user administrator privileges everything works asplanned.
Any ideas what might be wrong?Cheers, Samuli Heinonen–
You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it,
send
an email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at
http://groups.google.com/group/foreman-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.