Bug 1757394
Summary: | [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Sayan Das <saydas> |
Component: | Users & Roles | Assignee: | satellite6-bugs <satellite6-bugs> |
Status: | CLOSED ERRATA | QA Contact: | Radovan Drazny <rdrazny> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.6.0 | CC: | apatel, egolov, lhellebr, mhulan |
Target Milestone: | 6.8.0 | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | foreman-2.0.0 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-27 12:59:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sayan Das
2019-10-01 11:59:36 UTC
Created redmine issue https://projects.theforeman.org/issues/28405 from this bug Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28405 has been resolved. Tested on Sat 6.8 Snap 5. $ hammer user list --organization-id 1 ---|-------|------------|------------------------------|-------|---------------------|-------------- ID | LOGIN | NAME | EMAIL | ADMIN | LAST LOGIN | AUTHORIZED BY ---|-------|------------|------------------------------|-------|---------------------|-------------- 5 | raduz | | raduz@localhost | no | 2020/06/25 14:22:56 | Internal 4 | admin | Admin User | root.rdu2.redhat.com | yes | 2020/06/25 14:26:25 | Internal ---|-------|------------|------------------------------|-------|---------------------|-------------- ----- On a client Accessing table_preferences for the correct user $ curl -ku admin:changeme https://dhcp-3-238.vms.sat.rdu2.redhat.com/api/users/4/table_preferences | json_reformat % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 151 0 151 0 0 162 0 --:--:-- --:--:-- --:--:-- 162 { "total": 0, "subtotal": 0, "page": 1, "per_page": 20, "search": null, "sort": { "by": null, "order": null }, "results": [ ] } Accessing table_preferences for an incorrect (different) user $ curl -ku admin:changeme https://dhcp-3-238.vms.sat.rdu2.redhat.com/api/users/5/table_preferences | json_reformat % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 140 0 140 0 0 159 0 --:--:-- --:--:-- --:--:-- 158 { "error": { "message": "Access denied", "details": "You are trying access the preferences of a different user", "missing_permissions": null } } Accessing table_preferences for a correct user without the admin flag $ curl -ku raduz:nimda https://dhcp-3-238.vms.sat.rdu2.redhat.com/api/users/5/table_preferences | json_reformat % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 151 0 151 0 0 170 0 --:--:-- --:--:-- --:--:-- 170 { "total": 0, "subtotal": 0, "page": 1, "per_page": 20, "search": null, "sort": { "by": null, "order": null }, "results": [ ] } Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.8 release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:4366 |