Bug 1853681

Summary: User without generate_foreman_rh_cloud permission can try to generate report
Product: Red Hat Satellite
Reporter: Mirek Długosz <mzalewsk>
Component: RH Cloud - Inventory
Assignee: Shimon Shtein <sshtein>
Status: CLOSED ERRATA
QA Contact: Jameer Pathan <jpathan>
Severity: low
Priority: low
Version: 6.8.0
CC: aruzicka
Target Milestone: 6.9.0
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 2.0.13
Doc Type: If docs needed, set a value
Last Closed: 2021-04-21 13:15:01 UTC
Type: Bug

Description Mirek Długosz 2020-07-03 14:34:10 UTC
A user without the "generate_foreman_rh_cloud" permission can still try to generate a report, and won't be informed about the missing permission. Depending on how aware the user is of their limited permissions, it may lead to the user thinking that the plugin is not working.

Steps:
1. Create a user with view_foreman_rh_cloud, but without the generate_foreman_rh_cloud permission
2. Log in as that user and open the RH Cloud - Inventory page
3. Click "Restart" to force regeneration of the report

Actual:
Nothing visible happens. For around a second, it looks like the report is being generated (there's a "loading" circle visible).
In the browser's web tools, I can see that the POST to /foreman_inventory_upload/:id/reports returned a 403 HTTP code. The response contains HTML instead of JSON.

Expected:
Disable the "Restart" button, so users can't get themselves into this situation.
Or handle the 403 code returned by the service and display an error message to the user.


Found on:
Satellite 6.8.0 snap 7
foreman-2.1.0-0.22.rc3.el7sat.noarch
pulp-server-2.21.2-1.el7sat.noarch
katello-3.16.0-0.3.rc3.el7sat.noarch
satellite-6.8.0-0.6.beta.el7sat.noarch
tfm-rubygem-foreman_rh_cloud-2.0.8-1.el7sat.noarch
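The report above proposes two fixes for the same failure: disable "Restart" when the user lacks generate_foreman_rh_cloud, or handle the 403 that the POST to /foreman_inventory_upload/:id/reports returns and show the user a message. The following is an added example, not code from foreman_rh_cloud or Satellite, of what a client-side request helper that does both looks like. The endpoint path and the two permission names are the ones from the report; the fake fetch, its responses, the way the front end is assumed to already know the user's permission list, and the message texts are all constructed here so the example runs offline.

```javascript
// Added example, not code from foreman_rh_cloud or Satellite: a client-side
// helper that turns the POST described in the bug report into a user-visible
// result instead of silently dropping a 403. The endpoint path and the
// permission names are taken from the bug report; the fetch stand-in and its
// responses are constructed here so the example runs offline.

const GENERATE_PERMISSION = 'generate_foreman_rh_cloud';
const VIEW_PERMISSION = 'view_foreman_rh_cloud';

// Fix option 1 from the report: decide whether "Restart" should be enabled at
// all. `permissions` is an array of permission names the front end already
// knows for the current user (how it learns them is an assumption here).
function canGenerateReport(permissions) {
  return Array.isArray(permissions) && permissions.includes(GENERATE_PERMISSION);
}

// Fix option 2 from the report: map a finished response to {ok, message|data}.
// In a browser this would be fed `response.status`, the content-type header and
// `await response.text()`; a plain object is used here so the logic is synchronous.
function interpretResponse({ status, contentType, body }) {
  const type = (contentType || '').toLowerCase();

  if (status === 403) {
    return {
      ok: false,
      message: `Request failed with status code 403: missing permission ${GENERATE_PERMISSION}`,
    };
  }
  if (status < 200 || status >= 300) {
    return { ok: false, message: `Request failed with status code ${status}` };
  }
  if (!type.includes('application/json')) {
    // A 2xx carrying HTML usually means a login or error page was served in
    // place of the API body; report it instead of handing HTML to JSON.parse.
    return { ok: false, message: 'Unexpected non-JSON response from server' };
  }
  try {
    return { ok: true, data: JSON.parse(body) };
  } catch (err) {
    return { ok: false, message: 'Malformed JSON in server response' };
  }
}

// Issue the regeneration request for one inventory upload id through an
// injected fetch-like function and interpret whatever comes back.
function restartReport(id, fetchImpl) {
  const url = `/foreman_inventory_upload/${encodeURIComponent(id)}/reports`;
  const response = fetchImpl(url, { method: 'POST', headers: { Accept: 'application/json' } });
  return interpretResponse(response);
}

// Constructed fake server standing in for fetch(): a user with only
// view_foreman_rh_cloud gets the HTML 403 the report describes; a user holding
// generate_foreman_rh_cloud gets a JSON 200.
function makeFakeFetch(permissions) {
  return (url, opts) => {
    if (!opts || opts.method !== 'POST') {
      return { status: 405, contentType: 'text/plain', body: 'method not allowed' };
    }
    if (!canGenerateReport(permissions)) {
      return {
        status: 403,
        contentType: 'text/html; charset=utf-8',
        body: '<html><body><h1>Access denied</h1></body></html>',
      };
    }
    return {
      status: 200,
      contentType: 'application/json; charset=utf-8',
      body: JSON.stringify({ status: 'queued', url }),
    };
  };
}

// Stand-alone demonstration of both paths.
const viewer = makeFakeFetch([VIEW_PERMISSION]);
const generator = makeFakeFetch([VIEW_PERMISSION, GENERATE_PERMISSION]);
console.log('button enabled for viewer:', canGenerateReport([VIEW_PERMISSION]));
console.log('viewer restart:', restartReport(1, viewer));
console.log('generator restart:', restartReport(1, generator));
```

The content-type check matters as much as the status check: the report notes that the 403 body was HTML, and a helper that unconditionally calls JSON.parse on the body would throw and leave the spinner behaviour the reporter saw. Disabling the button on the client is a usability measure only; the server-side permission check is what actually enforces the restriction, so the client must still handle the 403 for users whose permissions change mid-session.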

Comment 3 Brad Buckingham 2021-01-08 20:59:54 UTC
Early Satellite 6.9 snap includes tfm-rubygem-foreman_rh_cloud-1.0.12-1.el7sat.noarch.rpm.  Since it appears that this is already included, aligning to release and updating state.

Comment 4 Jameer Pathan 2021-01-29 14:23:29 UTC
Verified

Verified with:
- Satellite 6.9.0 snap 11
- tfm-rubygem-foreman_rh_cloud-3.0.14-1.el7sat.noarch
- foreman-2.3.1.4-1.el7sat.noarch
- katello-3.18.1-1.el7sat.noarch
- pulp-server-2.21.4-2.el7sat.noarch

Test steps:

1. Create a Role having the view_foreman_rh_cloud permission only.
2. Create a user and assign the Role created to it.
3. Log in as that user and open the RH Cloud - Inventory page.
4. Click "Restart" to force regeneration of the report.

Observation:
- "Request failed with status code 403" error message on the Satellite UI.

Comment 7 errata-xmlrpc 2021-04-21 13:15:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.9 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1313