Bug 1221343

Summary: validate permission name should be unique and not scoped by resource_type
Product: Red Hat Satellite Reporter: Bryan Kearney <bkearney>
Component: ProvisioningAssignee: jmagen <jmagen>
Status: CLOSED CURRENTRELEASE QA Contact: Sachin Ghai <sghai>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, bkearney, cwelton, dlobatog, jmagen, jmatthew, sghai, tkolhar
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/10492
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-12 13:58:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1212602    

Description Bryan Kearney 2015-05-13 19:14:01 UTC
Comment 1 Bryan Kearney 2015-05-13 19:14:02 UTC 
Created from redmine issue http://projects.theforeman.org/issues/10492
Comment 2 Bryan Kearney 2015-05-13 19:14:04 UTC 
Upstream bug assigned to jmagen
Comment 3 Bryan Kearney 2015-05-15 17:55:27 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/10492 has been closed
-------------
Joseph Magen
Applied in changeset commit:04ad52f78f83954bec062a48a0ee3cd7d35bb9dd.
Comment 4 Daniel Lobato Garcia 2015-05-18 17:10:53 UTC 
Merged as 9163edbb1bc6cb6e0f398d52fb48c3fd4bce346b
Comment 6 Tazim Kolhar 2015-05-22 05:18:46 UTC 
hi

please provide verification steps

thanks
Comment 7 jmagen@redhat.com 2015-05-28 12:35:22 UTC 
Code in Fusor/RHCI was fixed so it doesn't use same permission name as foreman_discovery gem
Comment 8 jmagen@redhat.com 2015-05-31 08:05:32 UTC 
This commit was merged into Foreman on May 14th

fixes #10492 - permission name should be unique and not scoped by resource_type
https://github.com/theforeman/foreman/commit/04ad52f78f83954bec062a48a0ee3cd7d35bb9dd

and duplicate permission name was changed in Fusor

Changing name of permission for :destroy_discovered_hosts, since it conflicts with permission created by foreman-discovery
https://github.com/fusor/fusor/commit/53c67268345bf2afe90f86a1e7a564ce037891ba

so I think this bug can be closed.
Comment 9 Sachin Ghai 2015-06-02 05:26:23 UTC 
Please provide steps to verify this bz. Thanks
Comment 10 jmagen@redhat.com 2015-06-04 07:39:17 UTC 
Sachin,
Verification are the 2 commit were merged. One in Foreman and one in Fusor.
Permission name in fusor plugin is hard-coded and not dependant on any user input. The fact that the plugin loads with no errors is verification that bug is fixed.
Comment 11 Sachin Ghai 2015-06-05 12:59:00 UTC 
Verified in sat6.1 GA snap7 based on the changes in comment8.

The uniqueness of permission is set to true and now not scoped by resource-type.

[root@cloud-qe-14 ~]# find / -name permission.rb
/usr/share/foreman/app/models/permission.rb
[root@cloud-qe-14 ~]# cat /usr/share/foreman/app/models/permission.rb
class Permission < ActiveRecord::Base
  attr_accessible :name, :resource_type

  validates_lengths_from_database
  validates :name, :presence => true, :uniqueness => true
Comment 12 Bryan Kearney 2015-08-11 13:33:23 UTC 
This bug is slated to be released with Satellite 6.1.
Comment 13 Bryan Kearney 2015-08-12 13:58:47 UTC 
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.