https://bugzilla.redhat.com/show_bug.cgi?id=745801
Description of problem: When a user logs in for self service, enroll buttons are enabled in the memberof tabs. User can go ahead, and select which groups/roles to enroll himself into. Then when 'Enroll' is clicked - throws error - two: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=admins,cn=groups,cn=accounts,dc=testrelm'. Version-Release number of selected component (if applicable): ipa-server-2.1.2-2.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a user, set its passwd, login as this user 2. In the UI, go to Groups tab, can click 'Enroll' 3. Can see groups listed, select some, and click 'Enroll' Actual results: Clicking 'Enroll' throws error: two: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=admins,cn=groups,cn=accounts,dc=testrelm'. Expected results: The 'Enroll' button should be disabled if this user doesn't have the permissions - on all the tabs under memberof Additional info:
The UI currently only has 2 modes: admin and self-service. So this bug can be fixed quickly by disabling the Enroll button in the self-service mode.
However, modifying the UI to enable/disable certain pages/links/buttons based on specific user rights will require a significant effort.
master: 7710bfb
Metadata Update from @dpal: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 3.0 Core Effort - 2011/12
Login to comment on this ticket.