Bug 1600095

Summary: Non admin user is unable to see the audits for katello and taxable resources created by admin using Any Location context
Product: Red Hat Satellite Reporter: Roman Plevka <rplevka>
Component: Audit LogAssignee: Sebastian Gräßl <sgraessl>
Status: CLOSED ERRATA QA Contact: tstrych
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4CC: egolov, inecas, mhulan, mmccune, sgraessl, tstrych
Target Milestone: 6.5.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-1.20.0-0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1646740 (view as bug list) Environment:
Last Closed: 2019-05-14 12:37:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Roman Plevka 2018-07-11 12:07:01 UTC 
Description of problem:
unlike Admin, a regular user is not able to effectively use "Any Location" context on accessing Katello resources. So if Admin user creates a katello resource while having "Any Location" context set, audits for these actions and resources will not be visible to a regular user.

Version-Release number of selected component (if applicable):
6.4.0-11

How reproducible:
always

Steps to Reproduce:
1. create an organization (o1)
2. clone the "Auditor" role and assign the clone to the org (o1)
2. create a regular user (u1), belonging to org (o1), having "Org Admin" and the auditor clone roles assigned.
3. as an Admin user, set your location context to Any Location and organization context to o1
4. as an Admin user, create some katello resource (e.g. content view) OR architecture.
5. optional: as admin, check that the audits have been created
6. as u1, check the audits

Actual results:
u1 is unable to see any audits related to the resources created|manipulated in step #4 despite the fact that these belong to his organization.
Comment 1 Marek Hulan 2018-07-12 06:27:28 UTC 
The problem is that when we list audits, taxonomy default scope is applied since audits are now taxable. But audits for non-taxable resources should also be non-taxable. Therefore, we'll need to start storing information about whether taxonomy is applicable to each audit so we can easily search by that. Note that some resources do not support location but they support organizations so we need to start storing two different flags, e.g. organizations_relevant and locations_relevant.
Comment 2 Marek Hulan 2018-07-12 06:31:23 UTC 
Created redmine issue https://projects.theforeman.org/issues/24232 from this bug
Comment 5 Satellite Program 2018-10-02 12:09:36 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24232 has been resolved.
Comment 7 tstrych 2019-03-12 14:05:12 UTC 
I tried steps to reproduce on sat-6.4.0 with this package version: foreman-1.18.0 
and I did the same on sat sat-6.5.0 snap 18 with this package version: foreman-1.20.1

Verified
Comment 8 tstrych 2019-03-12 14:06:08 UTC 
forgot to change the status
Comment 11 errata-xmlrpc 2019-05-14 12:37:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222