search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
14k stars 3.42k forks source link

Organization deletion- user behavior- not working properly? #11625

Open akus062381 opened 2 years ago

akus062381 commented 2 years ago

Fact #1: A user MUST be associated with an organization in order to be created. That organization name will appear both on the user's organization tab, as well as the user's role tab. Musing: Why is that user not deleted when the organization is deleted?

Fact #2: A user can have role permissions assigned to them within a new organization, and that user's name and role will appear on the Role tab of the user. Musing: Why does the newly assigned organization not also appear under the User's organization tab? The originally assigned organization's name did. How else can the organization list under a user have org names populated on it, aside from the initial creation of the user? This seems to render the organization tab inside of a user sort of unnecessary.

nixocio commented 2 years ago

@akus062381, the UI reflects the RBAC and resources relationship from the API. If you can do certain actions using the API and the same action can not be done using the UI - that may indicated an UI issue. Reading what you reported it seems like a design choice by the API for item 1.

Also, if you can list the steps required to recreate what you are describing that would be very helpful.

akus062381 commented 2 years ago

@nixocio to further expand:

I see in the API that a user can be created and an organization is not required in order to do so, unlike in the UI. I am curious why the UI makes it mandatory to have a user associated with an org when the user is created, if the API doesn't? Noteworthy: The API allows user creation 2 ways: one is through users, and also through organizations.

For the second issue- steps to recreate:

  1. Create an org. Then create a user, assigning the user to that org.
  2. Navigate to the user and click the organizations tab. Notice the organization listed there.
  3. Delete the org. (NOTE: the warning modal doesn't warn about users to be affected. Perhaps it should...?)
  4. Navigate to user list and click on the user you created. Click on the organizations tab. Nothing is shown now.
  5. Now click on the Roles tab for that user. Click Add.
  6. Select Organizations. Select another org and give the user Admin access, click save.
  7. Note the user's role listed on the roles tab.
  8. Navigate back to the organizations tab of the user. Nothing is listed there.
  9. Navigate back to the roles tab for the user and click Add.
  10. Select organizations, and select the same organization as on step 6. Give the user Member access. Click save.
  11. Navigate back to the Organizations tab for the user. Now the org is listed there.

I think that the organization should appear there regardless of what type of permissions the user is given.