| Summary: | User with 'Admin User' role can not change their their location and organization in Satellite 6.2 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Ashfaqur Rahaman <arahaman> | ||||
| Component: | Users & Roles | Assignee: | satellite6-bugs <satellite6-bugs> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Dominik Hlavac Duran <dhlavacd> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6.2.3 | CC: | abalakht, arahaman, asahni, bbuckingham, bkearney, dhlavacd, jcallaha, mhulan | ||||
| Target Milestone: | Unspecified | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-02-21 16:44:25 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
|
Description
Ashfaqur Rahaman
2016-11-02 03:53:07 UTC
Another symptom of the issue : When we run "remote execution jobs" with users from 'Admin' group on nodes outside of the org/location they belong to, it will fail. However, it works fine for 'Administrator' users no matter what is the org/location setting. I can't reproduce with Satellite 6.2.4 but I can see there is a slightly different behavior for admins with permission granted by user group. Ashfaqur, could you provide a reproducing environment please? The remote execution issue is reported as BZ 1397185 already. Created attachment 1223119 [details]
potential patch
This might be the issue tracked as http://projects.theforeman.org/issues/17458, could you please check whether the attached patch helps? You need to restart httpd after applying it. Hello Marek,
I tried the patch. It looks it went through:
---
# patch -p1 < /tmp/taxonomix.patch
patching file app/models/concerns/taxonomix.rb
Hunk #1 succeeded at 108 with fuzz 2 (offset -1 lines).
---
But unfortunately the issue is still there. Here is what I did
(satellite version : 6.2.4)
// Create user and group :
1. Login as admin
2. Go to Administrator > Users >
3. Create user "tuser1" , set password. Have not select any roles.
3. Submit
4. Create user group "tusergroup" and select "tuser1" as member , in the role tab, select "Admin" and add all the roles
5. Submit
// Verify :
6. check the "Users" tab and see the "tuser1" is showing in the table with "Administrator" column ticked
// Test:
7. logout from "Admin" user
8. Log in as "tuser1"
9. Go to Administrator > Users >
10. Select User "tuser1"
11. Go to "Location" tab and change the location . (unselect existing one or select new one or any change ) or change Orgnaization
12. Submit
13. Repeat step 9,10 and check if the "Location"/"Orgnaization" has changed or not.
// Output:
Expected output : it should changed
Actual output: it does not change.
foreman tail when I try to change location :
----
==> /var/log/foreman/production.log <==
2016-12-05 13:10:28 [app] [I] Started PATCH "/users/4-tuser1" for 10.64.0.208 at 2016-12-05 13:10:28 +1100
2016-12-05 13:10:28 [app] [I] Processing by UsersController#update as */*
2016-12-05 13:10:28 [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"KhZknQhcwvT6Yd0wBw/taudkyErlzVC9wMX+/5cn3jQ=", "user"=>{"login"=>"tuser1", "firstname"=>"t1first", "lastname"=>"t1surname", "mail"=>"t1", "locale"=>"", "timezone"=>"", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "mail_enabled"=>"0", "user_mail_notifications_attributes"=>{"0"=>{"mail_notification_id"=>"7", "interval"=>"", "mail_query"=>""}, "1"=>{"mail_notification_id"=>"8", "interval"=>""}, "2"=>{"mail_notification_id"=>"1", "interval"=>""}, "3"=>{"mail_notification_id"=>"10", "interval"=>""}, "4"=>{"mail_notification_id"=>"3", "interval"=>""}, "5"=>{"mail_notification_id"=>"5", "interval"=>""}, "6"=>{"mail_notification_id"=>"4", "interval"=>""}, "7"=>{"mail_notification_id"=>"2", "interval"=>""}}, "admin"=>"0", "role_ids"=>["14"], "location_ids"=>[""], "default_location_id"=>"", "organization_ids"=>["", "1"], "default_organization_id"=>""}, "id"=>"4-tuser1"}
2016-12-05 13:10:28 [app] [I] Expire fragment views/tabs_and_title_records-4 (0.5ms)
2016-12-05 13:10:28 [app] [I] Redirected to https://10.64.8.255/users
2016-12-05 13:10:28 [app] [I] Completed 302 Found in 32ms (ActiveRecord: 4.5ms)
2016-12-05 13:10:28 [app] [I] Started GET "/users" for 10.64.0.208 at 2016-12-05 13:10:28 +1100
2016-12-05 13:10:28 [app] [I] Processing by UsersController#index as */*
2016-12-05 13:10:28 [app] [I] Rendered users/index.html.erb within layouts/application (17.4ms)
2016-12-05 13:10:28 [app] [I] Rendered common/_searchbar.html.erb (3.6ms)
2016-12-05 13:10:28 [app] [I] Rendered layouts/_application_content.html.erb (4.2ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_submenu.html.erb (1.8ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_user_dropdown.html.erb (1.7ms)
2016-12-05 13:10:28 [app] [I] Read fragment views/tabs_and_title_records-4 (0.1ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_organization_dropdown.html.erb (4.4ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_location_dropdown.html.erb (4.2ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_org_switcher.html.erb (9.4ms)
2016-12-05 13:10:28 [app] [I] Rendered home/_submenu.html.erb (4.4ms)
-------
Verified. Version Tested : Satellite-6.3 Snap 10 1. Login as admin 2. Go to Administrator > Users > 3. Create user "tuser1" , set password. Have not select any roles. 4. Create user "tuser2" , set password. Have not select any roles. 5. Create user group "tusergroup" and select "tuser1" as member , in the role tab, select "Admin" and add all the roles 6. Add tuser2 to "tusergroup" 7. Submit 8. check the "Users" tab and see the "tuser1" is showing in the table with "Administrator" column ticked 9. logout from "Admin" user 10. Log in as "tuser1" 11. Go to Administrator > Users > 12. Select User "tuser1" 13. Go to "Location" tab and change the location . (unselect existing one or select new one or any change ) or change Orgnaization 14. Submit 15. Repeat step 9,10 and check if the "Location"/"Orgnaization" has changed or not. 16. Organizations/locations changed Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336 |