Bug 172485

Summary: API fails to allow a channel admin to view channel subscribability for user in same org
Product: Red Hat Satellite 5 Reporter: Beth Nackashi <bnackash>
Component: APIAssignee: Jesus M. Rodriguez <jesusr>
Status: CLOSED WONTFIX QA Contact: Brandon Perkins <bperkins>
Severity: medium Docs Contact:
Priority: medium    
Version: 410CC: rhn-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-14 18:57:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 145467    

Description Beth Nackashi 2005-11-05 04:45:32 UTC 
Description of problem:
API fails to allow a channel admin to view channel subscribability for user and
channel in same org.  

[bnackash@rhino api_test]$ perl test_channel.software.is_user_subscribable.pl
--user apichanneladmin --target apiorgadmin --channel
i386-api-test-custom-base-channel
Fault returned from XML RPC Server, fault code -23: Named exception:
(permission_check_failure)
[bnackash@rhino api_test]$ perl test_channel.software.is_user_subscribable.pl
--user apichanneladmin --target apinormal --channel
i386-api-test-custom-base-channel
Fault returned from XML RPC Server, fault code -23: Named exception:
(permission_check_failure)

Decoder ring:
apichanneladmin is the channel admin in org 1
apinormal and apiorgadmin are normal and org-admin users in org 1
i386-api-test-custom-base-channel is owned by org 1

The channel admin can view own channel subscribability just fine:
[bnackash@rhino api_test]$ perl test_channel.software.is_user_subscribable.pl
--user apichanneladmin --target apichanneladmin --channel
i386-api-test-custom-base-channel
Can apichanneladmin subscribe to i386-api-test-custom-base-channel? Yes


Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1.  Create an org-admin user, a channel-admin user, and a normal user in the
same org.
2.  Create a custom base channel owned by the same org.
3.  Use ~svn/qa/api_test/test_channel.software.is_user_subscribable.pl to
attempt to view the channel subscribability to that custom channel for all users
in the org (see description).
  
Actual results:
Channel admin cannot view subscribability for any users in the org except self.

Expected results:
Channel admin should be able to view subscribability for all users in the org.

Additional info:
Comment 1 Beth Nackashi 2005-11-05 04:59:32 UTC 
or, you know what?  even easier:  Just test this on RHN channels.  You don't
even need the custom channel to reproduce this.

[bnackash@rhino api_test]$ perl test_channel.software.is_user_subscribable.pl
--user apichanneladmin2 --target apichanneladmin2 --channel rhel-i386-as-4-cluster
Can apichanneladmin2 subscribe to rhel-i386-as-4-cluster? Yes
[bnackash@rhino api_test]$ perl test_channel.software.is_user_subscribable.pl
--user apichanneladmin2 --target apinormal2 --channel rhel-i386-as-4-cluster
Fault returned from XML RPC Server, fault code -23: Named exception:
(permission_check_failure)
Comment 2 Beth Nackashi 2005-11-08 19:10:15 UTC 
You know, the more I think about this, the more I realize that this might not be
a bug, but more an RFE.  Since subscribability is a "user" property, rather than
a "channel" property, it is expected that a channel admin would not be able to
view subscribability.

Or am I wrong.
Comment 3 Brandon Perkins 2006-06-22 19:21:41 UTC 
Some that slipped-through that should be on me.