The management of alarms (escalation and acknowledgement) on the new MAP UI does not work for users without ROLE_REST.

Description

The management of alarms (escalation and acknowledgement) on the new MAP UI on version 31.0.0 does not work for users without ROLE_REST.
On the Alarms list UI it is possible to do it without the need for the user to have ROLE_REST.

How to reproduce:
Pre-conditions:

  • Have a user, let’s say t1, with only role ROLE_USER. We can have another user, t2, with roles ROLE_USER and ROLE_REST if we want to do some other checks, but not needed to reproduce the error.

  • Have at least one alarm which can be acted on (escalated or un/acknowledged). If there is none, you can generate an event by logging in as admin and using the Horizon GUI as explained here

  • The node that has the alarm needs to have coordinates set on Assets with name Longitude and Latitude (to appear on the map view). Set them on the requisition, for instance.

Reproducing the problem:

  • Log in as the user without ROLE_REST (t1).

  • Go to Maps->Geographical

  • You should see an alarm on the bottom list of alarms.

  • Select the alarm then select one “Alarm action” from the combo box on the top right of the alarm table.

  • What happens: Nothing happens. Not only visually, the alarm action is not performed.

  • What should happen: the alarm should be updated with the action (a new severity if escalated, for instance).

 Additional info:

  • If we do the same but from the list of alarms we get from going to Status -> Alarms -> All alarms, we can see that this user, t1, is able to execute actions like escalate and acknowledge on that alarm.

  • If we log in with a user with ROLE_REST we can see that that user is also able to execute those alarm actions from the table at Maps->Geographical (but we should need to give user ROLE_REST in order for them to use the UI).

Acceptance / Success Criteria

None

Activity

Benjamin Reed April 5, 2023 at 3:57 PM

Good news! There is an easy fix to allow this. I’ve got a PR for the fix out right now.

In the meantime, you can hand-edit $OPENNMS_HOME/jetty-webapps/opennms/WEB-INF/applicationContext-spring-security.xml and do the following:

  1. remove the <intercept-url pattern="/rest/alarms/**" method="PUT" access="ROLE_MOBILE,ROLE_REST,ROLE_ADMIN" /> entry from the <http pattern="/rest/**" ...> section of the config

  2. add a section above it with the following contents:

Scott Theleman January 30, 2023 at 2:54 PM

We are now using the Vue version of the Geographical Map; this performs all actions via the Rest API rather than being done on the web server. To perform PUT or POST actions, users must currently have the ROLE_REST permissions (ROLE_USER is GET only).

A workaround is to give users that need to perform alarm management the ROLE_REST role. However, we should have a discussion regarding how to best deal with permissions for these Rest-based client applications.
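Added example, not part of the original ticket or of OpenNMS code: a small Python audit that reads Spring Security `intercept-url` rules and reports which roles the first matching rule grants for a method and path, which shows why t1 (ROLE_USER only) is refused the PUT that the map UI issues. Only the PUT `/rest/alarms/**` entry in the sample is quoted on this page; the other two rules, the alarm id 42 and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Only the first intercept-url is quoted on this page; the
# GET rule and the catch-all are assumptions modelling "ROLE_USER is GET only".
SAMPLE = """
<http pattern="/rest/**">
  <intercept-url pattern="/rest/alarms/**" method="PUT" access="ROLE_MOBILE,ROLE_REST,ROLE_ADMIN" />
  <intercept-url pattern="/rest/**" method="GET" access="ROLE_USER,ROLE_REST,ROLE_ADMIN" />
  <intercept-url pattern="/rest/**" access="ROLE_REST,ROLE_ADMIN" />
</http>
"""

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (**, *, ?) into a compiled regex."""
    table = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(/\*\*$|\*\*|\*|\?)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def allowed_roles(xml_text, method, path):
    """Roles listed by the first rule matching method and path (first match wins).

    Returns None when no rule in the block covers the request.
    """
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "intercept-url":  # ignore any XML namespace
            continue
        rule_method = el.get("method")
        if rule_method and rule_method.upper() != method.upper():
            continue  # rule is restricted to a different HTTP method
        if ant_to_regex(el.get("pattern", "")).fullmatch(path):
            return {r.strip() for r in el.get("access", "").split(",") if r.strip()}
    return None

def can(xml_text, roles, method, path):
    """True if any of the user's roles appears in the matching rule's access list."""
    granted = allowed_roles(xml_text, method, path)
    return granted is not None and bool(granted & set(roles))

if __name__ == "__main__":
    users = {"t1": ["ROLE_USER"], "t2": ["ROLE_USER", "ROLE_REST"]}
    for name, roles in users.items():
        for method in ("GET", "PUT"):
            verdict = "allowed" if can(SAMPLE, roles, method, "/rest/alarms/42") else "denied"
            print(f"{name} {method} /rest/alarms/42 -> {verdict}")
```

Running the same check against the real `applicationContext-spring-security.xml` after a rule change shows whether the access list for alarm PUTs was widened only as far as intended.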

Ricardo Monteiro December 12, 2022 at 11:30 AM

, steps added.

Veena Kannan December 6, 2022 at 3:45 PM

Would you please include the steps to reproduce this and any other relevant information?

Fixed

Created November 22, 2022 at 6:10 PM
Updated April 5, 2023 at 7:49 PM
Resolved April 5, 2023 at 7:49 PM