Embedded automate->Customization->Dialogs does not have view permissions #23528
Description
- There are only modify permissions. There aren't view permissions like other feature sections.
- Once added, it looks like the UI might be asking if the user has the toplevel dialogs or customization feature, which may not be true if you have only view permission, or remove the delete dialog permission. The UI code already hints at the missing "view" product features for dialogs:
% git grep -E "miq_ae_customization_explorer|dialog_accord"
app/controllers/miq_ae_customization_controller.rb: assert_privileges('miq_ae_customization_explorer') # feature like miq_ae_customization_service_dialog_import_export is missing
app/controllers/miq_ae_customization_controller.rb: assert_privileges('miq_ae_customization_explorer') # feature like miq_ae_customization_service_dialog_import_export is missing
app/controllers/miq_ae_customization_controller.rb: assert_privileges('miq_ae_customization_explorer') # feature like miq_ae_customization_service_dialog_import_export is missing
app/controllers/miq_ae_customization_controller.rb: feature = "dialog_accord"
app/controllers/miq_ae_customization_controller.rb: assert_privileges('dialog_accord') # feature like miq_ae_customization_service_dialog_show is missing
app/controllers/miq_ae_customization_controller.rb: :role => "dialog_accord",
app/controllers/miq_ae_customization_controller/dialogs.rb: assert_privileges('dialog_accord') # feature like miq_ae_customization_dialog_list is missing
app/helpers/catalog_helper.rb: if role_allows?(:feature => "dialog_accord", :any => true)
See: ManageIQ/manageiq-ui-classic@e589536
- Finally, we'd need to write a data migration to ensure anyone with
dialog_admin,dialog_new_editor,dialog_copy_editor, anddialog_deletemodify permissions would automatically get the new view(s) permissions. Anyone withdialog_accordandmiq_ae_customization_explorerpermissions would automatically give all permissions below it so wouldn't need to be migrated.