Bug 1464137

| Summary: | API - non-admin user can't create entities within org and loc he belongs to | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Stanislav Tkachenko <stkachen> |
| Component: | Organizations and Locations | Assignee: | Marek Hulan <mhulan> |
| Status: | CLOSED ERRATA | QA Contact: | Sanket Jagtap <sjagtap> |
| Severity: | high | Priority: | unspecified |
| Version: | 6.3.0 | CC: | bbuckingham, ehelms, jalviso, mhulan, oshtaier, sjagtap, tstrachota, zhunting |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | Hardware: | Unspecified |
| OS: | Unspecified | Fixed In Version: | foreman-1.16.0 |
| Doc Type: | If docs needed, set a value | Type: | Bug |
| Last Closed: | 2018-02-21 16:54:17 UTC | | |

Description
Stanislav Tkachenko
2017-06-22 13:45:39 UTC

Could you please provide the full reproducer? Ideally the curl/wget commands you're using, also for user creation and permission setup. I can't reproduce the behavior. The following hammer commands did the trick for me:

    hammer user create --login orgtest --mail ares --password changeme --organization-ids 1 --location-ids 2 --auth-source-id 1
    hammer user add-role --login orgtest --role Manager
    hammer -u orgtest -p changeme subnet create --organization-ids 1 --location-ids 2 --name Test --network 192.168.0.1 --mask 255.255.255.0

Also please list all roles and their configuration that the user is assigned.

Thanks Stanislav, now I see what's going on. Your user does not have permissions "assign_location" and "assign_organization" which are required to create resources assigned to orgs and locs. I think the validation message could be more descriptive, e.g. 'Organization ids Invalid organizations selection, you must select at least one of yours for which you have permission to `assign_organization`'. Would that be a good solution? Also if you agree, I think this is not a 6.3 blocker so I'd move it to sat-backlog even though I'd provide the fix right away.

(In reply to Marek Hulan from comment #5)

I've checked with additional permissions, now tests are passing :)

> I think the validation
> message could be more descriptive, e.g. 'Organization ids Invalid
> organizations selection, you must select at least one of yours for which you
> have permission to `assign_organization`'. Would that be a good solution?

Yes, more descriptive message would be great.

> Also if you agree, I think this is not a 6.3 blocker so I'd move it to
> sat-backlog even though I'd provide the fix right away.

Agree.

Created redmine issue http://projects.theforeman.org/issues/20165 from this bug

Upstream bug assigned to mhulan

*** Bug 1462388 has been marked as a duplicate of this bug. ***

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20165 has been resolved.

Build: Satellite 6.3.0 snap 26

Using the reproducer steps, the new error generated is more detailed and the required permissions are displayed in the error:

    curl -s -H "Content-Type: application/json" -H "Accept:application/json" -k -u "apple:apple" -X POST -d '{"domain": {"name": "apple", "location_ids": [8], "organization_ids": [7]}}' https://sathost/api/v2/domains

    { "error": {"id":null,"errors":{"organization_ids":["Invalid organizations selection, you must select at least one of yours and have 'assign_organizations' permission."],"location_ids":["Invalid locations selection, you must select at least one of yours and have 'assign_locations' permission."]},"full_messages":["Organization ids Invalid organizations selection, you must select at least one of yours and have 'assign_organizations' permission.","Location ids Invalid locations selection, you must select at least one of yours and have 'assign_locations' permission."]} }

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
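
An added example, not part of the bug thread or of Foreman/Satellite code: a small client-side check that reads the error body shown in the verification comment and reports which `assign_*` permission each rejected field names, so an API test can tell a missing taxonomy permission apart from an ordinary validation failure. The function names and the second sample body are assumptions made for the illustration.

```python
import json
import re

# Response body from the verification comment above (Satellite 6.3.0 snap 26),
# reduced to the "errors" map; "full_messages" is omitted here.
SAMPLE_BODY = json.dumps({"error": {"id": None, "errors": {
    "organization_ids": ["Invalid organizations selection, you must select at "
                         "least one of yours and have 'assign_organizations' permission."],
    "location_ids": ["Invalid locations selection, you must select at "
                     "least one of yours and have 'assign_locations' permission."],
}}})

# Constructed sample: an ordinary validation failure with no permission hint.
OTHER_BODY = json.dumps({"error": {"id": None,
                                   "errors": {"name": ["has already been taken"]}}})

# Matches the permission name quoted in the improved validation message.
PERMISSION_HINT = re.compile(r"have '(assign_[a-z_]+)' permission")


def missing_taxonomy_permissions(body):
    """Map each rejected field to the assign_* permission named in its message."""
    try:
        errors = json.loads(body)["error"]["errors"]
    except (ValueError, KeyError, TypeError):
        return {}  # not the error shape shown on this page
    if not isinstance(errors, dict):
        return {}
    missing = {}
    for field, messages in errors.items():
        for message in messages if isinstance(messages, list) else []:
            match = PERMISSION_HINT.search(str(message))
            if match:
                missing[field] = match.group(1)
    return missing


def explain(body):
    """One line per field, suitable for a test log or CI failure message."""
    return [f"{field}: user lacks '{perm}' or does not belong to the selected scope"
            for field, perm in sorted(missing_taxonomy_permissions(body).items())]


if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_BODY)) or "no permission-related errors")
```
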