Bug 1513959 - [RFE] No use case for deleting admin user
Summary: [RFE] No use case for deleting admin user
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: web-admin-tendrl-api
Version: rhgs-3.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Nishanth Thomas
QA Contact: sds-qe-bugs
Reported: 2017-11-16 11:40 UTC by Filip Balák
Modified: 2018-12-06 10:24 UTC (History)

Last Closed: 2018-12-06 10:24:51 UTC




Links
System: Github; ID: Tendrl api issues 299; Priority: None; Status: None; Summary: None; Last Updated: 2017-11-16 11:40:39 UTC

Description Filip Balák 2017-11-16 11:40:40 UTC
Description of problem:
I have users admin and thardy. Both are admins. I am logged in as admin.
I try to delete user thardy via API as documented but the response is 403 Forbidden. Normal users can be removed. When I call Update User API call on user thardy:

# curl -H 'Content-Type: application/json' -H 'Authorization: Bearer d03ebb195dbe6385a7caeda699f9930ff2e49f29c381ed82dc95aa642a7660b8' -XPUT -d '{"role":"normal"}' http://127.0.0.1/api/1.0/users/thardy


Version-Release number of selected component (if applicable):
tendrl-selinux-1.5.3-2.el7rhgs.noarch
tendrl-commons-1.5.4-2.el7rhgs.noarch
tendrl-api-httpd-1.5.4-2.el7rhgs.noarch
tendrl-grafana-selinux-1.5.3-2.el7rhgs.noarch
tendrl-ansible-1.5.4-1.el7rhgs.noarch
tendrl-node-agent-1.5.4-2.el7rhgs.noarch
tendrl-ui-1.5.4-2.el7rhgs.noarch
tendrl-grafana-plugins-1.5.4-3.el7rhgs.noarch
tendrl-notifier-1.5.4-2.el7rhgs.noarch
tendrl-api-1.5.4-2.el7rhgs.noarch
tendrl-monitoring-integration-1.5.4-3.el7rhgs.noarch


How reproducible:
100%

Steps to Reproduce:
1. Log into Tendrl as default admin user.
2. Navigate to Admin->Users.
3. Create new user thardy with `admin` role.
4. Try to find a way to delete the thardy user from the UI or change its role.
5. Call from command line: 

# curl -H 'Content-Type: application/json' -H 'Authorization: Bearer d03ebb195dbe6385a7caeda699f9930ff2e49f29c381ed82dc95aa642a7660b8' -XDELETE http://127.0.0.1/api/1.0/users/thardy

Actual results:
There is no way to delete a user with the admin role. The API call returns `403 Forbidden`.

Expected results:
I think that an admin should be able to delete other admin users. Only the last admin in the system should stay. This cannot be overcome by changing the role of the user because it doesn't work.

Additional info:

Comment 1 Neha Gupta 2017-11-16 14:48:19 UTC
There is not going to be any scenario where multiple admin users will manage Tendrl. One can create a "Normal" (Read-write) user to perform all the actions of Tendrl-UI. The admin user just has an extra privilege for user management actions.

Comment 2 Lubos Trilety 2017-11-20 07:15:47 UTC
(In reply to Neha Gupta from comment #1)
> There is not going to be any scenario where multiple admin users will manage
> Tendrl. One can create a "Normal" (Read-write) user to perform all the
> actions of Tendrl-UI. The admin user just has an extra privilege for user
> management actions.

If there is no scenario where there are more admin users, then why do we allow creation of another one?

That said, we have two possibilities: first, allow deletion of admin users, or second, not provide creation of such a user.
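
The rule proposed in the description's expected results and in the first option of comment 2 (an admin may delete or demote other admins, but the last admin must stay), sketched as an added example that is not Tendrl's code and not part of any comment. The `UserStore` class, its method names and the 409/422 status codes are assumptions made for illustration.

```ruby
# Added example: hypothetical in-memory user store, not Tendrl's implementation.
# Enforces one invariant for both DELETE and role change: at least one admin remains.
class UserStore
  ROLES = %w[admin normal].freeze # the two roles named in the report

  def initialize(users)
    @users = users.dup # { "username" => "role" }
  end

  def role_of(name)
    @users[name]
  end

  # Models DELETE /users/:name and returns an HTTP-style status.
  def delete(actor, name)
    status = check(actor, name, nil)
    @users.delete(name) if status == 200
    status
  end

  # Models PUT /users/:name with {"role": new_role}.
  def change_role(actor, name, new_role)
    status = check(actor, name, new_role)
    @users[name] = new_role if status == 200
    status
  end

  private

  # new_role is nil for a delete request.
  def check(actor, name, new_role)
    return 403 unless @users[actor] == 'admin' # only admins manage users
    return 404 unless @users.key?(name)
    return 422 if new_role && !ROLES.include?(new_role) # assumed status code

    # Deleting or demoting an admin lowers the admin count by one.
    removes_admin = @users[name] == 'admin' && new_role != 'admin'
    return 409 if removes_admin && admin_count == 1 # assumed code: last admin stays
    200
  end

  def admin_count
    @users.count { |_, role| role == 'admin' }
  end
end
```

The same check covers self-demotion and self-deletion, so the last admin cannot lock the system out of user management through either endpoint.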

Comment 4 Nishanth Thomas 2018-12-06 10:24:51 UTC
Not planning to address this in the near future. Closing the issue.

