Bug 1414012

Summary: Provider under catalog item visible for a user who don't to have a permission for viewing a provider
Product: Red Hat CloudForms Management Engine Reporter: Satoe Imaishi <simaishi>
Component: ApplianceAssignee: Libor Pichler <lpichler>
Status: CLOSED ERRATA QA Contact: Ramesh A <rananda>
Severity: medium Docs Contact:
Priority: high    
Version: 5.6.0CC: abellott, dajohnso, jhardy, jprause, jrafanie, kseifried, lpichler, obarenbo, simaishi
Target Milestone: GAKeywords: ZStream
Target Release: 5.7.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: rbac:catalog
Fixed In Version: 5.7.1.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1387572 Environment:
Last Closed: 2017-02-27 19:28:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1387572    
Bug Blocks:    

Comment 2 CFME Bot 2017-01-18 21:45:55 UTC 
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/1db506b3b903216c27b4d626eef1550479831fa7

commit 1db506b3b903216c27b4d626eef1550479831fa7
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Tue Jan 10 09:41:23 2017 -0500
Commit:     Satoe Imaishi <simaishi>
CommitDate: Wed Jan 18 16:44:50 2017 -0500

    Merge pull request #13395 from lpichler/add_list_of_providers_to_rbac_on_catalog_items
    
    Add list of providers to RBAC on catalog items
    (cherry picked from commit 2909905b477b83419744b85ee8dbf92943d6c0ea)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1414012

 app/models/orchestration_template.rb       |  2 +-
 spec/models/orchestration_template_spec.rb | 20 +++++++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)
Comment 4 Ramesh A 2017-02-20 19:15:28 UTC 
Verified and working fine in 5.7.1.2.20170214162958_ebaba61

Verified using following steps:
================================
1. As Admin, added two azure providers namely "azure-1" and "azure-2"
2. Created new role
3. Created new Group with above role and restricted the access by specifying a tag under "My Company Tags" tab of "Assign Filters" section
4. Created new user namely "test-user" and assigned the above created group
5. Added the same tag used n step 2 to "azure-2" provider
6. Logged in as newly created user "test-user" and verified that user is able to see only the "asure-2" provider
7. As Admin, created new Catalog and Catalog Item with Type: Orchestration
8. Logged in as test-user:
  a) Verified that only "azure-2" is displayed under Compute/Clouds/Providers
  b) Verified that only "azure-2" provider is displayed in the dropdown while creating a new Catalog item
  c) Verified that only "azure-2" is displayed while editing the existing Catalog item
Comment 6 errata-xmlrpc 2017-02-27 19:28:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0320.html