Bug 1140341

Summary: discrepancy in shared channel visibility between channel.listAllChannels and channel.software.listSubscribedSystems APIs
Product: [Community] Spacewalk Reporter: Tasos Papaioannou <tpapaioa>
Component: APIAssignee: Tomáš Kašpárek <tkasparek>
Status: CLOSED DUPLICATE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.2CC: cperry, jdobes, satqe-list, tkasparek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1140340 Environment:
Last Closed: 2016-03-21 12:15:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1140340, 1162840    
Bug Blocks: 1484117    

Description Tasos Papaioannou 2014-09-10 17:41:20 UTC 
+++ This bug was initially created as a clone of Bug #1140340 +++

Description of problem:

The channel.listAllChannels API will show custom/cloned channels that are shared from another organization, but calling channel.software.listSubscribedSystems for a shared channel will generate an error:

Fault returned from XML RPC Server, fault code -210: redstone.xmlrpc.XmlRpcFault: No such channel: clone-rhel-x86_64-server-6


Version-Release number of selected component (if applicable):

spacewalk-java-2.0.2-79.el6sat.noarch

How reproducible:

100%

Steps to Reproduce:
1.) Clone rhel-x86_64-server-6 in org #1.
2.) Create a trust with a secondary organization, and share the cloned channel with the 2nd org.
3.) As an org admin in the 2nd org, verify that channel.listAllChannels sees the channel, but channel.software.listSubscribedSystems does not.

# spacewalk-api --user admin2 --password XXXX --server localhost channel.listAllChannels "%session%"
[...]
            {
              'packages' => '12839',
              'systems' => '0',
              'arch_name' => 'x86_64',
              'provider_name' => 'GLOBAL SUPPORT SERVI RED HAT, INC.',
              'name' => 'Clone of Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)',
              'label' => 'clone-rhel-x86_64-server-6',
              'id' => '326'
            },
[...]

# spacewalk-api --user admin2 --password XXXX --server localhost channel.software.listSubscribedSystems "%session%" "clone-rhel-x86_64-server-6"
Fault returned from XML RPC Server, fault code -210: redstone.xmlrpc.XmlRpcFault: No such channel: clone-rhel-x86_64-server-6

Actual results:

channel.software.listSubscribedSystems does not see shared channel.

Expected results:

channel.software.listSubscribedSystems sees shared channel, returns list of systems in user's org that are subscribed to it.

Additional info:

channel.listAllChannels makes use of the rhnUserChannel view, which takes into account org trusts:

****
./java/code/src/com/redhat/rhn/frontend/xmlrpc/channel/ChannelHandler.java:

    public Object[] listAllChannels(String sessionKey) {
        User user = ChannelHandler.getLoggedInUser(sessionKey);
        DataResult<ChannelTreeNode> dr = ChannelManager.allChannelTree(user, null);
        dr.elaborate();
        return dr.toArray();
    }

./java/code/src/com/redhat/rhn/manager/channel/ChannelManager.java:

    public static DataResult allChannelTree(User user,
                                            ListControl lc) {
        SelectMode m = ModeFactory.getMode("Channel_queries", "all_channel_tree");

./java/code/src/com/redhat/rhn/common/db/datasource/xml/Channel_queries.xml:

<mode name="all_channel_tree" class="com.redhat.rhn.frontend.dto.ChannelTreeNode">
        <query params="user_id">
        select Distinct C.id,
                   C.name,
                   C.label as channel_label,
                   C.parent_channel as parent_id,
                        (SELECT COUNT(P.package_id)
                          FROM rhnChannelPackage P
                          WHERE P.channel_id = C.id
                                ) AS package_count,
         C.org_id,
         (select org.name
            from web_customer org
            where org.id = C.org_id) as org_name,
         CA.name as arch_name
        from rhnChannel C inner join
         rhnUserChannel UC on UC.channel_id = C.id
        inner join rhnChannelArch CA ON CA.ID  = C.channel_arch_id
         where UC.user_id = :user_id
    </query>
      <elaborator name="visible_server_count"/>
</mode>

/etc/sysconfig/rhn/postgres/deploy.sql:

create or replace view rhnUserChannel
as
select
   cfp.user_id,
   cfp.org_id,
   cfm.channel_id,
   'manage' as role
from rhnChannelFamilyMembers cfm,
      rhnUserChannelFamilyPerms cfp
where
   cfp.channel_family_id = cfm.channel_family_id and
   rhn_channel.user_role_check(cfm.channel_id, cfp.user_id, 'manage') = 1
union all
select
   cfp.user_id,
   cfp.org_id,
   cfm.channel_id,
   'subscribe' as role
from rhnChannelFamilyMembers cfm,
      rhnUserChannelFamilyPerms cfp
where
   cfp.channel_family_id = cfm.channel_family_id and
   rhn_channel.user_role_check(cfm.channel_id, cfp.user_id, 'subscribe') = 1
union all
select
   w.id as user_id,
   w.org_id,
   s.id as channel_id,
   'subscribe' as role
from rhnSharedChannelView s,
      web_contact w
where
   w.org_id = s.org_trust_id and
   rhn_channel.user_role_check(s.id, w.id, 'subscribe') = 1;
****

channel.software.listSubscribedSystems, on the other hand, is only aware of channels with either a null org or an org id that matches that of the user:

****
./java/code/src/com/redhat/rhn/frontend/xmlrpc/channel/software/ChannelSoftwareHandler.java:

    public Object[] listSubscribedSystems(String sessionKey, String label)
        throws FaultException {

        User user = getLoggedInUser(sessionKey);

        // Make sure user has access to the orgs channels
        if (!user.hasRole(RoleFactory.CHANNEL_ADMIN)) {
            throw new PermissionCheckFailureException();
        }

        // Get the channel.
        Channel channel = lookupChannelByLabel(user.getOrg(), label);

        DataResult<Map> dr = SystemManager.systemsSubscribedToChannel(channel, user);
        for (Map sys : dr) {
            sys.remove("selectable");
        }
        return dr.toArray();
    }

    private Channel lookupChannelByLabel(Org org, String label)
        throws NoSuchChannelException {

        Channel channel = ChannelManager.lookupByLabel(
                org, label);

./java/code/src/com/redhat/rhn/manager/channel/ChannelManager.java:

    public static Channel lookupByLabel(Org org, String label) {
        return ChannelFactory.lookupByLabel(org, label);
    }

./java/code/src/com/redhat/rhn/domain/channel/ChannelFactory.java:

    public static Channel lookupByLabel(Org org, String label) {
        Session session = getSession();
        Criteria c = session.createCriteria(Channel.class);
        c.add(Restrictions.eq("label", label));
        c.add(Restrictions.or(Restrictions.eq("org", org),
                            Restrictions.isNull("org")));
        return (Channel) c.uniqueResult();
    }
****
Comment 1 Jan Dobes 2016-03-21 12:15:57 UTC 
This bug is same as 1162840. Fixed in Spacewalk 2.3. Closing as duplicate.

*** This bug has been marked as a duplicate of bug 1162840 ***
Comment 2 Eric Herget 2017-09-28 18:11:41 UTC 
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.