https://bugzilla.redhat.com/show_bug.cgi?id=740888
Description of problem: In HBAC Rules. search for the letter 'm', and allow_all will be listed, because its description contains 'from'. But the page doesn't display description, and so the user is left confused as to why this rule is displayed. Or if a rule is added, and it applies to a host whose name contains 'm', then the search will find this rule too. Search should be limited to the fields that are displayed to avoid confusion. Version-Release number of selected component (if applicable): ipa-server-2.1.1-4.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add and edit HBAC rule - test 2. Go to its Accessing section, and click to Add a Host 3. Add a host - say - example.testrelm 4. Go back to HBAC Rules page, and search for the letter 'm' Actual results: the rule 'test' is listed Expected results: the rule 'test' should not have matched the criteria Additional info:
I think in general we should expect that the search keyword might match a field that is not displayed in the list page because of space restriction. If the search is limited to visible fields only we might not be able to find certain rules that contain certain hosts.
We probably can document which fields aren't searchable (if there's any).
This is not a UI specific issue, as the search is the Generic LDAP search. To make this happens requires an API change.
For 2.1.2 just narrow search scope to the subset of fields that makes sense.
This can be easily done by adding a list of attributes to the LDAPObject's search_display_attributes attribute.
search_display_attributes
However, why would we want to remove description (reported in BZ) from searched fields? 1. I see that description field is visible in WebUI 2. Description field is visible in CLI. I think user may be surprised if he adds some additional info to the description and then couldn't search it 3. Other attributes seems OK with me to, for example I think it'd be useful to search for all rules that are relevant to $HOST, i.e. we will search in LDAP attribute memberhost_host or msourcehost_host
I am afraid that narrowing scope of the fields may limit the usability of the search. Plus, it wouldn't be consistent here with the rest of the commands which search for all LDAP attributes (except user-find).
user-find
The best solution I would see here is to allow a user to pass a list of search fields to limit/expand the search. But I am not sure if this would be in scope if 2.1.2.
Filed doc bug https://bugzilla.redhat.com/show_bug.cgi?id=743945
Moving to 3.0.
Not a major issue, moving to January.
Moving to February.
There were some further discussions about this issue on both CLI and WebUI side and we came to a common agreement. We think we do the right thing with searching for given term ('m' in your case) in all object's default attributes. Even if some field is not shown (in WebUI) that does not necessarily mean that user would not want to search the term in such field.
Talking specifically about description field, user could have his custom data in such field and would not like if he suddenly can't search in it. That would sound more like a regression.
Metadata Update from @rcritten: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.