Bug 1268329

Summary: The same user is able to upload bundle via 'Upload' but not via 'URL'
Product: [JBoss] JBoss Operations Network Reporter: Filip Brychta <fbrychta>
Component: ContentAssignee: Josejulio Martínez <jmartine>
Status: CLOSED ERRATA QA Contact: Filip Brychta <fbrychta>
Severity: medium Docs Contact:
Priority: medium    
Version: JON 3.3.4CC: jmartine, spinder
Target Milestone: ER01Keywords: Triaged
Target Release: JON 3.3.6   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-27 15:31:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
server.log none

Description Filip Brychta 2015-10-02 14:32:01 UTC 
Created attachment 1079460 [details]
server.log

Description of problem:
User with given permissions (see later) is able to upload a bundle when using 'Upload' option but is not able to upload the same bundle when using 'URL' option.

Version-Release number of selected component (if applicable):
JON3.3.4.DR1

How reproducible:
Always

Steps to Reproduce:
1. Install, configure and start JBoss ON 3.3 system.
2. Login as rhqadmin
3.  Create a bundle group:

    *   *Name:* `Test01 - Bundle Group`

4.  Create a new user role:

    *   *Permissions:*
        *   *Name:* `Test01 - Bundle Deployer Role`
        *   *Bundle Permissions:*
            *   *Create Bundle In Group:* _Yes_
            *   *Delete Bundle From Group:* _Yes_
            *   *Deploy Bundle To Group:* _Yes_
    *   *Resource Groups:*
        *   *Assigned Resource Groups:* _DynaGroup - Groups by platform ( Linux )_
    *   *Bundle Groups:*
        *   *Assigned Resource Groups:* _Test01 - Bundle Deployer Role_

5.  Create a new user:

    *   *Username:* `tester`
    *   *Password:* `TestUser01`
    *   *First Name:* `Test`
    *   *Last Name:* `User01`
    *   *Email Address:* `testuser01`
    *   *Assigned Roles:* _Test01 - Bundle Deployer Role_
    
6.  Sign-in as _tester_.
7.  Try to create new bundle using 'URL' option with following url - 'http://web.bc.jonqe.lab.eng.bos.redhat.com/bundle.zip'
8. Try to create new bundle using 'Upload' option with the same bundle 'bundle.zip' located on your localhost.

Actual results:
After step 7:
[1443796011678] org.rhq.enterprise.server.authz.PermissionException:Subject [tester] requires Global CREATE_BUNDLES and VIEW_BUNDLES to create unassigned initial bundle version. -> org.rhq.core.domain.bundle.BundleNotFoundException:null

After step 8:
Bundle is uploaded

Expected results:
Both methods should require the same permissions.

Additional info:
full exception attached
Comment 1 Josejulio Martínez 2016-05-12 15:17:04 UTC 
commit 0d3412fea59aa0815797729f70ae1c68ae0fa49a
Merge: 735d2d8 a32a38a
Author: Michael Burman <yak>
Date:   Thu May 12 14:55:36 2016 +0300

    Merge pull request #195 from josejulio/BZ-1268329
    
    Bug 1268329 - The same user is able to upload bundle via 'Upload' but...


commit a32a38a449654b58de1789881ee35e3db4d84f35
Author: jmartine <jmartinez>
Date:   Thu Dec 10 17:52:18 2015 -0600

    Bug 1268329 - The same user is able to upload bundle via 'Upload' but not via 'URL'
    
    Instead of returning the URL as the token, moved to the temp dir to match the special token handling worflow.
    Unpacked the BundleNotFoundException from the RunTimeException that is throw to the client.
    The method was pointing to BundleManager.createBundleVersionViaURL, changed to BundleManager.createOrStoreBundleVersionViaURL.
Comment 3 Simeon Pinder 2016-06-18 01:11:38 UTC 
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890
Comment 4 Filip Brychta 2016-06-27 14:12:39 UTC 
Bundle is created successfully but following WARN is thrown to server.log:
10:07:20,396 WARN  [org.rhq.coregui.server.gwt.BundleGWTServiceImpl] (http-0.0.0.0:7080-6) Sending exception to client: [1467036440396] : org.rhq.core.domain.bundle.BundleNotFoundException: [bundle-distribution3559317679160419472.zip]
	at org.rhq.enterprise.server.bundle.BundleManagerBean.createOrStoreBundleVersionViaURL(BundleManagerBean.java:886) [rhq-server.jar:4.12.0.JON330GA-redhat-6]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
	at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee-7.5.8.Final-redhat-2.jar:7.5.8.Final-redhat-2]
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
	at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
	at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.8.Final-redhat-2.jar:7.5.8.Final-redhat-2]
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
.
.
.

One option is to fix the exception in ER01 or mark this BZ as verified and create new BZ for for the exception.
Comment 5 Josejulio Martínez 2016-06-27 15:51:01 UTC 
I'll take a look at it today.
Comment 6 Josejulio Martínez 2016-06-29 14:32:47 UTC 
commit 07bf3f15228231161b112e15963f89af5b8376ca
Merge: d94e18d 059a43f
Author: Michael Burman <yak>
Date:   Wed Jun 29 14:56:49 2016 +0300

    Merge pull request #268 from josejulio/bugs/1268329
    
    Bug 1268329 - Removed a WARN in server.log when uploading a Bundle vi…

commit 059a43f3236237b5afd3f624023bf2485be1f5d2
Author: Josejulio Martínez <jmartine>
Date:   Mon Jun 27 13:48:15 2016 -0500

    Bug 1268329 - Removed a WARN in server.log when uploading a Bundle via URL when using the special token handling worflow.
Comment 8 Simeon Pinder 2016-07-07 08:22:44 UTC 
Moving to ON_QA as available to test with the following build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=502442

Note: 	jon-server-patch-3.3.0.GA.zip maps to JON 3.3.6(jon-server-3.3.0.GA-update-06.zip)
Comment 11 errata-xmlrpc 2016-07-27 15:31:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1519.html