openITCOCKPIT
openITCOCKPIT copied to clipboard
Some wizards are only available for "Administrator" user role
Describe the bug
Due to a limitation within the ACL-Dependency system, some of the wizards are only availalbe for users that are part of the "Administrator" user role. The issue is caused by the fact, that multiple WizardsController
classes exists, which are getting merged into one from the ACL-Dependency system.
The "Administrator" user role has permission to any action on the system. While any other manually create user group, can only select from visible user permissions.
To Reproduce Steps to reproduce the behavior:
- Create a new user role at
Manage User Roles
- Tick all options / permissions
- Create a new user and assigned it to the new user role
- Login as the new user
- Navigate to
Wizards
and try to use a wizard provided by an Module such asNetwork
orOracle
The Server should now respond with an 403 Forbidden error.
Expected behavior Only respond with 403 Forbidden if the user really has no permission to this action :)
Screenshots
Versions
- openITCOKPIT Server Version: 4.5.2
- Operating system: Ubuntu 22.04
ITC-2873 Fixed with https://github.com/it-novum/openITCOCKPIT/pull/1428