openITCOCKPIT icon indicating copy to clipboard operation
openITCOCKPIT copied to clipboard

Published 20 hours ago verified publisher icon it-novum

Some wizards are only available for "Administrator" user role

Open nook24 opened this issue 1 year ago • 1 comments

Describe the bug Due to a limitation within the ACL-Dependency system, some of the wizards are only availalbe for users that are part of the "Administrator" user role. The issue is caused by the fact, that multiple WizardsController classes exists, which are getting merged into one from the ACL-Dependency system.

The "Administrator" user role has permission to any action on the system. While any other manually create user group, can only select from visible user permissions.

To Reproduce Steps to reproduce the behavior:

  1. Create a new user role at Manage User Roles
  2. Tick all options / permissions
  3. Create a new user and assigned it to the new user role
  4. Login as the new user
  5. Navigate to Wizards and try to use a wizard provided by an Module such as Network or Oracle

The Server should now respond with an 403 Forbidden error.

Expected behavior Only respond with 403 Forbidden if the user really has no permission to this action :)

Screenshots

Screenshot 2022-10-06 085943

Versions

  • openITCOKPIT Server Version: 4.5.2
  • Operating system: Ubuntu 22.04

nook24 avatar Oct 06 '22 07:10 nook24

ITC-2873 Fixed with https://github.com/it-novum/openITCOCKPIT/pull/1428

ibering avatar Oct 06 '22 08:10 ibering