Bug 1771937

Summary: Creating a new product by limited permissions user fails with error "NoMethodError: undefined method `[]' for nil:NilClass"
Product: Red Hat Satellite Reporter: Ahmed Eladawy <aeladawy>
Component: Content ManagementAssignee: Partha Aji <paji>
Status: CLOSED ERRATA QA Contact: Lai <ltran>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.4CC: ehelms, mhulan
Target Milestone: 6.7.0Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tfm-rubygem-katello-3.14.0.1-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-14 13:27:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ahmed Eladawy 2019-11-13 09:52:56 UTC 
Description of problem:

Creating a new product by limited permissions user fails  with error "NoMethodError: undefined method `[]' for nil:NilClass"

The user has been assigned to a custom role with the following filter :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products

The product is created even with the error on step "Actions::Katello::Product::ReindexSubscriptions" and the task becomes on paused state and the product can not be deleted until cleaning up the task.

The product is successfully created with no errors when the following filter is added to the role:

Resource	Permissions	
Subscription	view_subscriptions

Version-Release number of selected component (if applicable):

Red Hat satellite 6.4.4-2


How reproducible:

100%

Steps to Reproduce:

1.Create a role ROLE1 with the following filters :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products


2. Create a new user and assign ROLE1 to it.

3.Login using the new user and try to create a new product.


Actual results:

The product is created but with the following error and the task becomes on paused state.

An error occurred while saving the Product: 0 Task XXXXX: NoMethodError: undefined method `[]' for nil:NilClass

Expected results:
If a subscription permission is needed , the product creation task can not be started or exit with clear error.

Additional info:

The product is successfully created with no errors when the following filter is added to the role:

Resource	Permissions	
Subscription	view_subscriptions
Comment 3 Partha Aji 2019-12-03 19:42:00 UTC 
Connecting redmine issue https://projects.theforeman.org/issues/28413 from this bug
Comment 4 Bryan Kearney 2019-12-03 21:04:27 UTC 
Upstream bug assigned to paji
Comment 5 Bryan Kearney 2019-12-03 21:04:29 UTC 
Upstream bug assigned to paji
Comment 6 Bryan Kearney 2019-12-10 19:03:49 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28413 has been resolved.
Comment 8 Lai 2020-01-07 19:38:26 UTC 
Steps to Test:

1.Create a role ROLE1 with the following filters :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products


2. Create a new user and assign ROLE1 to it.

3. Login using the new user and try to create a new product.


Actual results:
Product is successfully created.  Checked the tasks and it shows that the product was successfully created.

Expected results:
Product is successfully created.  Checked the tasks and it shows that the product was successfully created.

Tested on 6.7.0_07

Marking issue as verified.
Comment 11 errata-xmlrpc 2020-04-14 13:27:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454