Bug 1397465

Summary: [CFME 5.7 beta] Provisioning notifications are not RBAC-compliant with regard to group membership
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: ApplianceAssignee: Šimon Lukašík <slukasik>
Status: CLOSED ERRATA QA Contact: Satyajit Bulage <sbulage>
Severity: high Docs Contact:
Priority: high    
Version: 5.7.0CC: abellott, cpelland, dajohnso, jhardy, mkanoor, obarenbo, sbulage, tfitzger
Target Milestone: GA   
Target Release: 5.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: notification
Fixed In Version: 5.7.0.16 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1394283 Environment:
Last Closed: 2017-01-04 13:17:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:
Bug Depends On: 1394283    
Bug Blocks:    
Attachments:
Description Flags
Screenshot showing actual results none

Comment 2 Šimon Lukašík 2016-11-22 15:37:46 UTC 
Euwe Backport details:

$ git log -1
commit 95b74a8a55fcbd5ebd93717eb58775b4c9ea211f
Comment 3 Satyajit Bulage 2016-12-02 10:46:36 UTC 
Created attachment 1227270 [details]
Screenshot showing actual results

Hello,

I am able to reproduce this issue on the current build. See attached screenshot.

Current Version:- 5.7.0.13-rc3.20161129142908_1d51fd2 

Thanks,
Satyajit Bulage.
Comment 4 Šimon Lukašík 2016-12-08 12:47:55 UTC 
https://github.com/ManageIQ/manageiq/pull/13051
Comment 5 CFME Bot 2016-12-08 20:50:48 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/f3db579e4d9c0628774fb6ef9f80c4cc717ed3b7

commit f3db579e4d9c0628774fb6ef9f80c4cc717ed3b7
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Thu Dec 8 14:54:06 2016 -0500
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Thu Dec 8 15:46:08 2016 -0500

    Merge pull request #13051 from isimluk/rhbz#1397465
    
    Notify only a group of users when notifying about MiqRequest
    (cherry picked from commit 9d5adc4fd63ec30e208fc81fbc8b699bf9e5009b)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1397465

 app/models/notification_type.rb    |  7 ++++++-
 db/fixtures/notification_types.yml |  4 ++--
 spec/models/notification_spec.rb   | 17 +++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)
Comment 6 Satyajit Bulage 2016-12-15 09:18:41 UTC 
Followed verification steps:
1. Created a new role called "my_role" that has a VM & Template Access Restriction of 'Only User or Group Owned'
2. Created two new groups "group1 and group2" in the same tenant, each with this role. 
3. Created a users named "user1 and user2" in each group. 
4. Provisioned a VM as user1, then login as user2.

User2 is not able to see the provisioning notifications from user1. Also getting provisioning-related messages to the requester and owner of the VM.

Verified Version:- 5.7.0.16.20161213213754_1ad3545
Comment 8 errata-xmlrpc 2017-01-04 13:17:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html