You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Sangeeta Ravindran <sa...@gmail.com> on 2017/05/26 21:22:19 UTC
Review Request 59613: Roles below Cluster Administrator should not be
allowed to edit repositories and install stack versions
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59613/
-----------------------------------------------------------
Review request for Ambari, Alexandr Antonenko and Robert Levas.
Bugs: AMBARI-21120
https://issues.apache.org/jira/browse/AMBARI-21120
Repository: ambari
Description
-------
Login as a user with a role below Cluster Administrator. For e.g. Service Administrator.
Click on Stack and Versions.
1. Try to edit a stack version that is not yet installed on the cluster.
Click on Save. The UI reloads and returns to Services Dashboard.
On the browser console, you can see a HTTP 403 because the user does not have the privilege to edit stack versions.
This happens because for users without MANAGE_STACK_VERSION privilege, the Edit Repository button is disabled only for the current stack version.
2. Click on Install. When you click on on the popup confirming that the packages will be installed on all hosts, you get a popup with an error "Packages could not be installed. You do not have permissions to access this resource".
This happens because there is no check for CLUSTER.UPGRADE_DOWNGRADE_STACK privilege when enabling the Install button.
Diffs
-----
ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js f102402
ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js 153b66f
Diff: https://reviews.apache.org/r/59613/diff/1/
Testing
-------
Manual testing. Updated test case.
mvn clean test
Thanks,
Sangeeta Ravindran
Re: Review Request 59613: Roles below Cluster Administrator should
not be allowed to edit repositories and install stack versions
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59613/#review176253
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On May 26, 2017, 5:22 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59613/
> -----------------------------------------------------------
>
> (Updated May 26, 2017, 5:22 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Robert Levas.
>
>
> Bugs: AMBARI-21120
> https://issues.apache.org/jira/browse/AMBARI-21120
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Login as a user with a role below Cluster Administrator. For e.g. Service Administrator.
>
> Click on Stack and Versions.
>
> 1. Try to edit a stack version that is not yet installed on the cluster.
> Click on Save. The UI reloads and returns to Services Dashboard.
> On the browser console, you can see a HTTP 403 because the user does not have the privilege to edit stack versions.
>
> This happens because for users without MANAGE_STACK_VERSION privilege, the Edit Repository button is disabled only for the current stack version.
>
> 2. Click on Install. When you click on on the popup confirming that the packages will be installed on all hosts, you get a popup with an error "Packages could not be installed. You do not have permissions to access this resource".
>
> This happens because there is no check for CLUSTER.UPGRADE_DOWNGRADE_STACK privilege when enabling the Install button.
>
>
> Diffs
> -----
>
> ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js f102402
> ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js 153b66f
>
>
> Diff: https://reviews.apache.org/r/59613/diff/1/
>
>
> Testing
> -------
>
> Manual testing. Updated test case.
> mvn clean test
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>
Re: Review Request 59613: Roles below Cluster Administrator should
not be allowed to edit repositories and install stack versions
Posted by Alexandr Antonenko <hi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59613/#review176470
-----------------------------------------------------------
Ship it!
Ship It!
- Alexandr Antonenko
On May 26, 2017, 9:22 p.m., Sangeeta Ravindran wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59613/
> -----------------------------------------------------------
>
> (Updated May 26, 2017, 9:22 p.m.)
>
>
> Review request for Ambari, Alexandr Antonenko and Robert Levas.
>
>
> Bugs: AMBARI-21120
> https://issues.apache.org/jira/browse/AMBARI-21120
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Login as a user with a role below Cluster Administrator. For e.g. Service Administrator.
>
> Click on Stack and Versions.
>
> 1. Try to edit a stack version that is not yet installed on the cluster.
> Click on Save. The UI reloads and returns to Services Dashboard.
> On the browser console, you can see a HTTP 403 because the user does not have the privilege to edit stack versions.
>
> This happens because for users without MANAGE_STACK_VERSION privilege, the Edit Repository button is disabled only for the current stack version.
>
> 2. Click on Install. When you click on on the popup confirming that the packages will be installed on all hosts, you get a popup with an error "Packages could not be installed. You do not have permissions to access this resource".
>
> This happens because there is no check for CLUSTER.UPGRADE_DOWNGRADE_STACK privilege when enabling the Install button.
>
>
> Diffs
> -----
>
> ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js f102402
> ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js 153b66f
>
>
> Diff: https://reviews.apache.org/r/59613/diff/1/
>
>
> Testing
> -------
>
> Manual testing. Updated test case.
> mvn clean test
>
>
> Thanks,
>
> Sangeeta Ravindran
>
>