Bug 1112234

Summary: roles: publishing a CV via normal user raises NetworkError: 403 Forbidden - /foreman_tasks/api/tasks/bulk_search" bulk_search
Product: Red Hat Satellite
Reporter: Sachin Ghai <sghai>
Component: Users & Roles
Assignee: Ivan Necas <inecas>
Status: CLOSED ERRATA
QA Contact: Jan Hutař <jhutar>
Severity: medium
Priority: high
Version: 6.0.3
CC: abraverm, bbuckingham, cwelton, ddevra, inecas, jhutar, sthirugn, tomckay, walden
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
URL: http://projects.theforeman.org/issues/4450
Doc Type: Bug Fix
Last Closed: 2015-08-12 05:09:46 UTC
Type: Bug
Bug Blocks: 971511
Attachments:
  NetworkError: 403 Forbidden - when publishing cv via normal user (flags: none)
  version_created on navigating away from version tab (flags: none)

Description Sachin Ghai 2014-06-23 11:44:55 UTC
Created attachment 911404
NetworkError: 403 Forbidden - when publishing cv via normal user

Description of problem:
I was trying a scenario where a normal user can publish a CV in a selected org. But when I tried publish, Firebug raises:

"NetworkError: 403 Forbidden - https://dhcp201-161.englab.pnq.redhat.com/foreman_tasks/api/tasks/bulk_search"
bulk_search


production.log says:
Processing by ForemanTasks::Api::TasksController#bulk_search as JSON
  Parameters: {"searches"=>[{"type"=>"task", "task_id"=>"b2b834f7-4288-4e8a-90dd-16eee2183e3d", "search_id"=>"1"}], "task"=>{}}
  Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 16ms (Views: 1.7ms | ActiveRecord: 2.6ms)
Processing by ForemanTasks::Api::TasksController#bulk_search as JSON
  Parameters: {"searches"=>[{"type"=>"task", "task_id"=>"b2b834f7-4288-4e8a-90dd-16eee2183e3d", "search_id"=>"1"}], "task"=>{}}
  Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.7ms)
Filter chain halted as :authorize rendered or redirected
Completed 403 Forbidden in 17ms (Views: 1.8ms | ActiveRecord: 2.8ms)

Version-Release number of selected component (if applicable):
sat6 beta snap10

How reproducible:
always 

Steps to Reproduce:
1. created a role "role1" via admin user
2. added following permissions to "role1"
   content-view resource type - create, view and publish CV
   Product resource type - view product
   activation-key resource type - create, update, destroy, view
   Lifecycle env resource type - view
3. created a CV "cv1" via admin and added a repo to it and published its version1
4. created a user ak1 and assign role1 to this user
5. logout with admin and login with ak1
6. selected 'cv1'
7. started publish

Actual results:
"NetworkError: 403 Forbidden - https://dhcp201-161.englab.pnq.redhat.com/foreman_tasks/api/tasks/bulk_search"
bulk_search

Expected results:
CV should be published. Not sure what I'm missing here. Any permission? If I'm missing any permission then Publish shouldn't be enabled.

Additional info:

Comment 1 Sachin Ghai 2014-06-23 11:47:53 UTC
On navigating away from the version tab and coming back, the version was created. Please see the screenshot.

Comment 2 Sachin Ghai 2014-06-23 11:48:57 UTC
Created attachment 911405
version_created on navigating away from version tab

Comment 5 Sachin Ghai 2014-06-24 07:48:58 UTC
I added a resource type: (Miscellaneous) with "View_tasks" permission, but no luck.

Comment 6 Walden Raines 2014-06-24 12:20:26 UTC
The publish/promotion should still be successful, it's just the querying of the task status that is not.

Downstream issue:  http://projects.theforeman.org/issues/4450

Comment 7 Walden Raines 2014-06-24 12:21:58 UTC
Connecting redmine issue http://projects.theforeman.org/issues/4450D from this bug

Comment 8 Walden Raines 2014-06-24 12:22:09 UTC
Connecting redmine issue http://projects.theforeman.org/issues/4450 from this bug

Comment 9 Tom McKay 2014-09-04 14:48:53 UTC
Also manifest upload/refresh/delete has the same problem.

Comment 10 Ivan Necas 2015-01-19 10:15:49 UTC
Fixed as part of https://github.com/theforeman/foreman/pull/2060

Comment 14 Ivan Necas 2015-05-18 08:31:18 UTC
*** Bug 1221242 has been marked as a duplicate of this bug. ***

Comment 15 Bryan Kearney 2015-08-11 13:20:48 UTC
This bug is slated to be released with Satellite 6.1.

Comment 16 errata-xmlrpc 2015-08-12 05:09:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592