| Summary: | User can't see the subscription they just added in an activation key | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Neil Miao <nmiao> |
| Component: | Users & Roles | Assignee: | Brad Buckingham <bbuckingham> |
| Status: | CLOSED DUPLICATE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6.2.3 | CC: | bbuckingham, dhlavacd, mgrigull, mhulan, vvasilev |
| Target Milestone: | Unspecified | | |
| Target Release: | Unused | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-11-07 20:39:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

Description
Neil Miao
2016-11-03 08:12:55 UTC
The issue is caused by one missing permission.
The scoped_search returned an #<ActiveRecord::Relation []>, which is why the subscription list is empty.
The empty object comes from Pool.readable, which is defined in authorization/pool.rb.
(/opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.81/app/controllers/katello/api/v2/subscriptions_controller.rb)
-- snip --
api :GET, "/organizations/:organization_id/subscriptions", N_("List organization subscriptions")
api :GET, "/activation_keys/:activation_key_id/subscriptions", N_("List an activation key's subscriptions")
api :GET, "/subscriptions"
param_group :search, Api::V2::ApiController
param :organization_id, :number, :desc => N_("Organization ID"), :required => true
param :host_id, String, :desc => N_("id of a host"), :required => false
param :activation_key_id, String, :desc => N_("Activation key ID"), :required => false
param :available_for, String, :desc => N_("Object to show subscriptions available for, either 'host' or 'activation_key'"), :required => false
param :match_host, :bool, :desc => N_("Ignore subscriptions that are unavailable to the specified host")
param :match_installed, :bool, :desc => N_("Return subscriptions that match installed products of the specified host")
param :no_overlap, :bool, :desc => N_("Return subscriptions which do not overlap with a currently-attached subscription")
def index
  # (statement highlighted by the reporter)
  collection = scoped_search(
    index_relation.uniq, :cp_id, :asc, resource_class: Pool, includes: [:subscription])
  if params[:activation_key_id]
    key_pools = @activation_key.get_key_pools
    collection[:results] = collection[:results].map do |pool|
      ActivationKeySubscriptionsPresenter.new(pool, key_pools)
    end
  end
  respond(:collection => collection)
end

def index_relation
  return for_host if params[:host_id]
  return available_for_activation_key if params[:available_for] == "activation_key"
  collection = Pool.readable # (line highlighted by the reporter)
  collection = collection.where(:unmapped_guest => false)
  collection = collection.get_for_organization(Organization.find(params[:organization_id])) if params[:organization_id]
  collection = collection.for_activation_key(@activation_key) if params[:activation_key_id]
  collection
end
-- snip --
Apparently, only the user with the permission :view_subscription (NOT :view_subscriptions) from resource type 'Katello::Subscription' is allowed to read pools.
(/opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.81/app/models/katello/authorization/pool.rb)
-- snip --
module ClassMethods
  def readable
    where(:subscription_id => Katello::Subscription.authorized(:view_subscription))
  end
end
-- snip --
The problem is that there is no such permission in the permissions table.
foreman=# select * from permissions where name like '%view_subscription%';
id | name | resource_type | created_at | updated_at
-----+--------------------+-----------------------+----------------------------+----------------------------
172 | view_subscriptions | Organization | 2015-08-28 09:34:19.93697 | 2015-08-28 09:34:19.93697
(1 rows)
(note: view_subscriptions != view_subscription)
The user is able to see the subscriptions when the missing permission is added.
foreman=# insert into permissions (name,resource_type,created_at,updated_at) values ('view_subscription','Katello::Subscription',current_timestamp,current_timestamp);
INSERT 0 1
foreman=# select * from permissions where name like '%view_subscription%';
id | name | resource_type | created_at | updated_at
-----+--------------------+-----------------------+----------------------------+----------------------------
172 | view_subscriptions | Organization | 2015-08-28 09:34:19.93697 | 2015-08-28 09:34:19.93697
270 | view_subscription | Katello::Subscription | 2016-11-03 03:53:40.421009 | 2016-11-03 03:53:40.421009
(2 rows)
This bugzilla is a duplicate of bug 1333219 and has a fix upstream. I am going to close this bugzilla, but will bump up the priority of the other in hopes that it can get incorporated into an upcoming 6.2.z.
*** This bug has been marked as a duplicate of bug 1333219 ***
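
The mismatch in the report above (the model calls `authorized(:view_subscription)` on `Katello::Subscription`, while the table only holds `view_subscriptions` on `Organization`) is the kind of defect a static cross-check can catch before release. The following is an added example, not Katello or Foreman code: the regex, constants and function names are hypothetical, and the sample inputs are constructed from the snippets quoted in the report.

```ruby
# Constructed sample: the permissions table as the report shows it before
# the manual insert, as [name, resource_type] pairs.
SEEDED_PERMISSIONS = [
  ['view_subscriptions', 'Organization']
].freeze

# Constructed sample: the authorization snippet quoted in the report.
SOURCE = <<~RUBY
  module ClassMethods
    def readable
      where(:subscription_id => Katello::Subscription.authorized(:view_subscription))
    end
  end
RUBY

# Matches `Some::Model.authorized(:permission_name)` and captures both parts.
AUTHORIZED_CALL = /([A-Z]\w*(?:::[A-Z]\w*)*)\.authorized\(\s*:(\w+)/

# Returns [[resource_type, permission_name], ...] for every call in the source.
def referenced_permissions(source)
  source.scan(AUTHORIZED_CALL).uniq
end

# Returns one finding per reference that has no exact (name, resource_type) row.
# Rows whose name differs only by a trailing "s" are listed as near misses, so a
# singular/plural slip is distinguishable from a permission that was never seeded.
def missing_permissions(source, seeded)
  referenced_permissions(source)
    .reject { |type, name| seeded.include?([name, type]) }
    .map do |type, name|
      near = seeded.select { |n, _| n.chomp('s') == name.chomp('s') }
      { resource_type: type, name: name, near_misses: near }
    end
end

if __FILE__ == $PROGRAM_NAME
  missing_permissions(SOURCE, SEEDED_PERMISSIONS).each do |f|
    puts "no permission '#{f[:name]}' on #{f[:resource_type]}; " \
         "near misses: #{f[:near_misses].inspect}"
  end
end
```

Because an unmatched permission makes the scope return an empty relation rather than raise, the failure is silent at runtime; running a check like this in CI against the seeded permission list surfaces it as a build failure instead.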