Deletion of objects should not treat ACL on each tab separately
Deletion of objects should not treat ACL on each tab separately
Description
Deleting a system with an admin account remove the DNS entry as well (a blue popup with "DNS update" shows up) while doing it with a limited account does not (no popup and removal is faster).
Meanwhile, renaming a system with the limited account does update the DNS as well (I think it delete/recreate the entries in an LDAP pov). The blue message pops up.
Distribution Name and Version
RHEL7
FusionDirectory Version
1.2 fixes
Plugin with the defect
DNS
PHP version used
5.4
Origin of php packages
epel/rhel channels
Steps to Reproduce
- Delete a system
- Edit the DNS zone the system was registered in, the record still exists
Expected behavior:
Deletion with limited account
Actual behavior:
No deletion
Reproduces how often: 100%
Additional Information
ACLs : TechDNSZone appplied to zone "example.com." : DNS Zone -> Object: DNS Zone :
- Create + Delete objects
- Reverse Zones for this zone rw
- DNS Records for this zone (dnsRecords) rw DNS Zone -> Object: DNS Record :
- Create + Delete objects
- A and PTR Records rw
TechDNSReload applied to system object dns-m (master dns server):
Server -> Server Object : This server name (cn) r / A short description (description) r
Server -> DNS : Full object : r
TechDNSSystems applied to department "Postes utilisateurs" containing systems :
DNS Zone -> Object: DNS Zone: DNS Records for this zone (dnsRecords) rw
-> Object: DNS Records : A Records (dnsRecord_aRecord) rw
Workstation -> Object: Workstation : Create / Move / Delete / rw (full)
-> Object: Model r
-> Object: DNS Create / rw (full) + DNS Zone for this host (fdDNSZoneDn) rw
-> Object DHCP : DHCP Hosts declared for this system (dhcpHosts) rwActivity
added fd-plugins
420 fd-plugins400 plugin-dns in fusiondirectory-plugins labelsBy bmortier on 2017-12-19T16:33:11 (imported from GitLab)
moved from fd-plugins#5758 (closed)
By Côme Chilliet on 2017-12-20T16:11:37 (imported from GitLab)
It appears post_remove is not called because when ACL does not allow removal the remove method returns right away. But it makes no sense when the user has the right to delete the whole object the deletion will happen anyway, so it should go through the whole process.
If this turn into a refactor we should look into avoiding useless ldap modification on the object before full deletion maybe.
By Côme Chilliet on 2017-12-20T16:11:54 (imported from GitLab)
added Bugs label
By Côme Chilliet on 2017-12-20T16:12:15 (imported from GitLab)
changed milestone to %FusionDirectory 1.3
By Côme Chilliet on 2017-12-20T16:12:28 (imported from GitLab)
created branch
5747-deletion-of-objects-should-not-treat-acl-on-each-tab-separatelyBy Côme Chilliet on 2017-12-21T09:06:12 (imported from GitLab)
mentioned in commit 10e56122
By Côme Chilliet on 2017-12-21T10:21:08 (imported from GitLab)
mentioned in issue fd-plugins#5759 (closed)
By Côme Chilliet on 2017-12-21T10:22:41 (imported from GitLab)
mentioned in commit 0e530d75
By Côme Chilliet on 2017-12-21T10:49:18 (imported from GitLab)
added To Be Tested label
By Côme Chilliet on 2017-12-21T14:03:24 (imported from GitLab)
added Fixed and removed To Be Tested labels
By Côme Chilliet on 2018-01-29T08:58:15 (imported from GitLab)
removed Bugs label
By bmortier on 2018-04-05T11:59:31 (imported from GitLab)
