Bug 1546944

Summary: Getting Forbidden exception after ordering the service by non-admin user.
Product: Red Hat CloudForms Management Engine Reporter: Neha Chugh <nchugh>
Component: UI - ServiceAssignee: Ohad Levy <ohadlevy>
Status: CLOSED CURRENTRELEASE QA Contact: Antonin Pagac <apagac>
Severity: high Docs Contact:
Priority: high    
Version: 5.8.0CC: apagac, aperotti, cpelland, fdewaley, gekis, james.beal, lavenel, obarenbo, ohadlevy, simaishi, smallamp
Target Milestone: GAKeywords: TestOnly, ZStream
Target Release: 5.10.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: 5.10.0.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1553809 1569079 (view as bug list) Environment:
Last Closed: 2019-02-11 13:59:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1553809, 1569079    

Description Neha Chugh 2018-02-20 06:01:13 UTC 
Description of problem:
Even after enabling the Service Role, User not able to order the catalog and it throws 

Version-Release number of selected component (if applicable):
5.9.0

How reproducible:
Always

Steps to Reproduce:
1. Go to Access Control, Create a role named "service_role" with below roles should be enabled i.e. Compute and Services.
2. Create a user i.e. "service_user" based on this "service_role" 
3. Login with service_user and while ordering the catalog, it is throwing 403 Forbidden exception.

Actual results:

[----] E, [2018-02-16T06:22:32.979134 #1964:4db8c70] ERROR -- : MIQ(Api::ServiceDialogsController.api_error) API Error
[----] E, [2018-02-16T06:22:32.979219 #1964:4db8c70] ERROR -- : MIQ(Api::ServiceDialogsController.api_error) Api::ForbiddenError: Use of the read action is forbidden
[----] I, [2018-02-16T06:22:32.979768 #1964:4db8c70]  INFO -- : MIQ(Api::ServiceDialogsController.log_request) Response:       {:completed_at=>"2018-02-16 11:22:32 UTC", :size=>"0.108 KBytes", :time_taken=>"0.017 Seconds", :status=>403}

Expected results:

It should be able to order the service.

Additional info:

As a workaround, if we enable the automate privilege to the service_user then he is able to order the service.
Comment 3 CFME Bot 2018-03-08 16:24:42 UTC 
https://github.com/ManageIQ/manageiq-api/pull/343
Comment 4 CFME Bot 2018-03-08 17:34:14 UTC 
New commit detected on ManageIQ/manageiq-api/master:

https://github.com/ManageIQ/manageiq-api/commit/2033b1440b729f5a91cd0749f6cded4d8c416b47
commit 2033b1440b729f5a91cd0749f6cded4d8c416b47
Author:     Jillian Tullo <jtullo>
AuthorDate: Thu Mar  8 11:09:33 2018 -0500
Commit:     Jillian Tullo <jtullo>
CommitDate: Thu Mar  8 11:09:33 2018 -0500

    Add svc_catalog_provision product feature to service dialog queries

    Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1546944

 config/api.yml | 12 +-
 spec/requests/service_dialogs_spec.rb | 16 +
 2 files changed, 25 insertions(+), 3 deletions(-)
Comment 9 Satoe Imaishi 2018-05-15 13:40:29 UTC 
*** Bug 1563146 has been marked as a duplicate of this bug. ***
Comment 10 Antonin Pagac 2018-10-12 13:31:18 UTC 
Verified with 5.10.0.19.