Bug 1268829

Summary: API does not return Fact values with Viewer role
Product: Red Hat Satellite Reporter: Peter Vreman <peter.vreman>
Component: APIAssignee: Daniel Lobato Garcia <dlobatog>
Status: CLOSED ERRATA QA Contact: jcallaha
Severity: high Docs Contact:
Priority: high    
Version: 6.1.2CC: bbuckingham, chrobert, dcaplan, dlobatog, ealcaniz, jcallaha, ktordeur, mmccune, sthirugn, xdmoon
Target Milestone: UnspecifiedKeywords: PrioBumpPM, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/9793
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1333112 (view as bug list) Environment:
Last Closed: 2016-07-27 08:56:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1122832, 1333112    

Description Peter Vreman 2015-10-05 12:06:35 UTC 
Description of problem:
The API to query fact values always has an empty response because of lack of permissions with the Viewer role. Neither could the View-Host and Manager roles, so looks like that only the Administrator role can list the facts.

This behavior is a regression over Sat6.0, as the same user role and query 
works without issues on Sat6.0 and earlier Foreman 1.2 installations.


$ curl -s -uviewer:xxxx https://li-lc-1578.hag.hilti.com/api/v2/users/viewer | jq .roles
[
  {
    "id": 19,
    "name": "Anonymous"
  },
  {
    "id": 16,
    "name": "Viewer"
  }
]

$ curl -s -uviewer:xxxx https://li-lc-1578.hag.hilti.com//api/v2/hosts/li-lc-1443.hag.hilti.com/facts?per_page=9999 | jq .
{
  "results": {},
  "sort": {
    "order": null,
    "by": null
  },
  "search": " host = li-lc-1443.hag.hilti.com",
  "per_page": 9999,
  "page": 1,
  "subtotal": 0,
  "total": 0
}

2015-10-05 11:46:07 [I] Processing by Api::V2::FactValuesController#index as JSON
2015-10-05 11:46:07 [I]   Parameters: {"per_page"=>"9999", "apiv"=>"v2", "host_id"=>"li-lc-1443.hag.hilti.com"}
2015-10-05 11:46:07 [I] Authorized user viewer(viewer )
2015-10-05 11:46:07 [I]   Rendered api/v2/fact_values/index.json.rabl within api/v2/layouts/index_layout (3.0ms)
2015-10-05 11:46:07 [I] Completed 200 OK in 341ms (Views: 27.8ms | ActiveRecord: 47.8ms)





Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Query facts using a User with only the Viewer role
2.
3.

Actual results:
No facts returned

Expected results:
Facts returned

Additional info:
Comment 2 Peter Vreman 2015-10-05 14:27:01 UTC 
Fix is available in Foreman 1.9 http://projects.theforeman.org/issues/9793
Comment 3 Bryan Kearney 2015-12-15 19:05:16 UTC 
Upstream bug assigned to dlobatog
Comment 4 Bryan Kearney 2015-12-15 19:05:19 UTC 
Upstream bug component is API
Comment 5 Bryan Kearney 2015-12-15 19:05:21 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/9793 has been closed
-------------
Daniel Lobato Garcia
Applied in changeset commit:f0c7b9616ffe83a6e8aa0a0c5811c22d541daa1c.
Comment 6 jcallaha 2015-12-18 20:52:28 UTC 
*** This bug is verified in upstream.  This fix should eventually land in future downstream builds ***
Version Tested:
# rpm -qa | grep foreman
tfm-rubygem-foreman_discovery-4.1.2-1.fm1_11.el7.noarch
tfm-rubygem-foreman_hooks-0.3.9-1.el7.noarch
foreman-debug-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
tfm-rubygem-hammer_cli_foreman_docker-0.0.3-4.el7.noarch
foreman-ovirt-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
foreman-postgresql-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
foreman-release-scl-1-1.el7.x86_64
foreman-vmware-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
tfm-rubygem-foreman_gutterball-0.0.1-3.el7.noarch
foreman-gce-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
dell-per300-01.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch
foreman-release-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
tfm-rubygem-hammer_cli_foreman_tasks-0.0.8-1.el7.noarch
foreman-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
tfm-rubygem-foreman_docker-1.4.1-2.fm1_10.el7.noarch
foreman-libvirt-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
dell-per300-01.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch
dell-per300-01.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch
tfm-rubygem-hammer_cli_foreman-0.4.0-1.201512101420git81ec371.el7.noarch
foreman-compute-1.11.0-0.develop.201512111432git98f6ca5.el7.noarch
tfm-rubygem-foreman-tasks-0.7.6-1.fm1_10.el7.noarch
foreman-selinux-1.11.0-0.develop.201510071426git6234447.el7.noarch
tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3-3.el7.noarch
tfm-rubygem-foreman_bootdisk-6.0.0-2.fm1_10.el7.noarch
foreman-proxy-1.11.0-0.develop.201512101505git62c9e22.el7.noarch
Comment 8 Edu Alcaniz 2016-04-15 08:18:07 UTC 
This issue persiste in Satellite 6.1.7
Comment 15 errata-xmlrpc 2016-07-27 08:56:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1500