|Summary:||Non admin user can not query API /katello/api/capsules/:id|
|Product:||Red Hat Satellite 6||Reporter:||roarora|
|Component:||Users & Roles||Assignee:||satellite6-bugs <satellite6-bugs>|
|Status:||NEW ---||QA Contact:||Radovan Drazny <rdrazny>|
|Version:||6.4.0||CC:||b.prins, jhanley, mhulan, rcavalca|
Description roarora 2019-07-26 10:02:34 UTC
Description of problem:
If a non admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with the response:

"message": "Resource smart_proxy not found by id '1'"

The non admin user has "view_smart_proxies" permissions assigned. Even if all available permissions are assigned to the user, the error response is the same.

The user is able to query information for all capsules, i.e. GET on /katello/api/capsules/, but not for a particular ID, /katello/api/capsules/:id

The API /katello/api/capsules/:id is called by the bootstrap.py script with the --new-capsule switch, so bootstrap.py cannot be run with a non admin user.

Version-Release number of selected component (if applicable):
6.4
6.5

How reproducible:
Always

Steps to Reproduce:
1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. The user should be non admin.
2. Run the following API call with the above user, and it fails:

# curl -u user:password https://satellite.example.com/katello/api/capsules/1

Actual results:
The API fails with the response "message": "Resource smart_proxy not found by id '1'"

Expected results:
A non admin user should be able to call that API with appropriate permissions assigned.
Comment 4 Marek Hulan 2019-11-21 11:13:02 UTC
Is the user assigned to the same organization and location as the capsule? Does the user have permission to view_organizations and view_locations (potentially limited to only these)?
Comment 5 Jessica Richards 2019-12-12 20:08:37 UTC
Marek: Yes, the user was already assigned to the same organization and location as the capsule, and the user's role already had the view_organizations and view_locations permissions.