Bug 1247715
| Summary: | User 'production' is not authorized to access 'Provider' record id '10' on accessing Satellite provider when Quota is assigned | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Aziza Karol <akarol> | ||||
| Component: | UI - OPS | Assignee: | Aparna Karve <akarve> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Aziza Karol <akarol> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 5.4.0 | CC: | cpelland, hkataria, jhardy, jprause, mfeifer, mpovolny, obarenbo | ||||
| Target Milestone: | GA | Keywords: | ZStream | ||||
| Target Release: | 5.5.2 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 5.5.2.1 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1290837 (view as bug list) | Environment: | |||||
| Last Closed: | 2016-02-10 15:20:02 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1290837 | ||||||
| Attachments: |
|
||||||
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/6e64846f7f1fa689518687bc52bfe9f64ce43f72 commit 6e64846f7f1fa689518687bc52bfe9f64ce43f72 Author: Aparna Karve <akarve> AuthorDate: Wed Nov 25 14:49:27 2015 -0800 Commit: Aparna Karve <akarve> CommitDate: Thu Dec 3 10:43:13 2015 +0100 Apply RBAC filtering to the foreman tree objects https://bugzilla.redhat.com/show_bug.cgi?id=1247715 app/controllers/application_controller.rb | 25 +++++------ app/controllers/provider_foreman_controller.rb | 49 ++++++++++++++-------- app/models/configuration_profile.rb | 2 +- .../manageiq/providers/configuration_manager.rb | 4 +- .../configuration_manager/configuration_profile.rb | 4 ++ .../configuration_manager/configured_system.rb | 4 ++ app/models/rbac.rb | 13 +++--- app/presenters/tree_builder.rb | 16 +++---- app/presenters/tree_builder_foreman.rb | 11 ++--- .../provider_foreman_controller_spec.rb | 4 +- 10 files changed, 79 insertions(+), 53 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=1cd23ef4dd1b6ae01ced329756ebd614281bb2d1 commit 1cd23ef4dd1b6ae01ced329756ebd614281bb2d1 Merge: 5694b4d 766b947 Author: Dan Clarizio <dclarizi> AuthorDate: Mon Dec 7 17:49:53 2015 -0500 Commit: Dan Clarizio <dclarizi> CommitDate: Mon Dec 7 17:49:53 2015 -0500 Merge branch 'rbac_foreman' into '5.5.z' BZ1247715 - Apply RBAC filtering to the foreman tree objects Clean cherry-pick Upstream PR - https://github.com/ManageIQ/manageiq/pull/5665 Apply RBAC filtering to the Foreman tree nodes based on the logged-in user's tag settings. https://bugzilla.redhat.com/show_bug.cgi?id=1247715 See merge request !582 app/controllers/application_controller.rb | 25 +++++------ app/controllers/provider_foreman_controller.rb | 48 ++++++++++++++-------- app/models/configuration_profile.rb | 2 +- .../manageiq/providers/configuration_manager.rb | 4 +- .../configuration_manager/configuration_profile.rb | 4 ++ .../configuration_manager/configured_system.rb | 4 ++ app/models/rbac.rb | 13 +++--- app/presenters/tree_builder.rb | 16 ++++---- app/presenters/tree_builder_foreman.rb | 11 +++-- .../provider_foreman_controller_spec.rb | 29 +++++++++++++ 10 files changed, 106 insertions(+), 50 deletions(-) New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=4f2cfff4d55a7aa55614114864ba895b6f9be7ef commit 4f2cfff4d55a7aa55614114864ba895b6f9be7ef Author: Aparna Karve <akarve> AuthorDate: Wed Nov 25 14:49:27 2015 -0800 Commit: Aparna Karve <akarve> CommitDate: Fri Dec 4 09:52:11 2015 +0100 Apply RBAC filtering to the foreman tree objects https://bugzilla.redhat.com/show_bug.cgi?id=1247715 app/controllers/application_controller.rb | 25 +++++------ app/controllers/provider_foreman_controller.rb | 49 ++++++++++++++-------- app/models/configuration_profile.rb | 2 +- .../manageiq/providers/configuration_manager.rb | 4 +- .../configuration_manager/configuration_profile.rb | 4 ++ .../configuration_manager/configured_system.rb | 4 ++ app/models/rbac.rb | 13 +++--- app/presenters/tree_builder.rb | 16 +++---- app/presenters/tree_builder_foreman.rb | 11 ++--- .../provider_foreman_controller_spec.rb | 4 +- 10 files changed, 79 insertions(+), 53 deletions(-) satellite provider accessible. Verified in Verified in 5.5.2.1.20160114044944_395c086 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:0159 |
Created attachment 1057060 [details] snpshot Description of problem: Version-Release number of selected component (if applicable): 5.4.1 How reproducible: 100% Steps to Reproduce: 1. Add satellite provider 2.create a new group with role "EvmRole-administrator" and and set tag "Quota-max memory" to 2GB 3.create a new user base on above group 4.login with the above user and navigate to infrastructure-> configuration management and click on the satellite provider in accordion Actual results: User 'production' is not authorized to access 'Provider' record id '10'. see attached screenshot Expected results: should be accessible Additional info: