Bug 1953845

Summary: Adding a hostgroup based search filter for "view_hosts" permission inside a custom role, breaks the Subnets and Domains page of Satellite 6 UI
Product: Red Hat Satellite Reporter: Sayan Das <saydas>
Component: Users & RolesAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.9.0CC: egolov, mhulan, oezr, osousa
Target Milestone: 6.10.0Keywords: Patch, Triaged
Target Release: Unused   
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman-2.5.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-16 14:10:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sayan Das 2021-04-27 05:27:35 UTC 
Problem Description:

Adding a hostgroup based search filter for "view_hosts" permission inside a custom role breaks the Subnets and Domains page of Satellite 6 UI. Please check the reproducer steps to understand more.



Release Version of applicable components where this behavior was noticed:

Satellite 6.7, 6.8, 6.9



How Reproducible:

100%




Steps to Reproduce:


0. Ensure we have a subnet\domain\hostgroup present and one host associated with that hostgroup. For me, the hostgroup name is "capsule/RHEL8" which has a parent-child relationship but we can use a normal hostgroup as well.

1. From Administer --> Roles, Clone the "Viewer" role by the name "Custom Viewer"

2. Edit the "Custom Viewer" role, edit the view_hosts permission to add a search filter based on hostgroup_title i.e. hostgroup_title = capsule/RHEL8

	--> Optionally created a similar filter for "view_hostgroups" permission i.e. title = capsule/RHEL8  [ But this does not cause any harm and we can exclude it as well ]

3. Create a user and have the "Custom Viewer" role associated with the user.

4. Now login back to the UI with that User and visit the following pages.
	--> Hosts --> All Hosts
		  --> Content Hosts

	--> Infrastructure --> Subnets
			   --> Domains


5. Login back as admin and remove the search filter for view_hosts in the "Custom Viewer" role.

6. Now repeat the testing at Step 4 and everything will work fine.




Actual Results:


For the subnets page, the error will be,
~~
2021-04-27T09:02:29 [D|app|e9bcea08] Backtrace for 'Action failed' error (ActionView::Template::Error): PG::AmbiguousColumn: ERROR:  column reference "subnet_id" is ambiguous
LINE 1: SELECT COUNT(DISTINCT "hosts"."id") AS count_id, subnet_id A...
                                                         ^
: SELECT COUNT(DISTINCT "hosts"."id") AS count_id, subnet_id AS subnet_id FROM "hosts" INNER JOIN "nics" ON "nics"."host_id" = "hosts"."id" AND "nics"."primary" = $1 LEFT OUTER JOIN "hostgroups" ON "hostgroups"."id" = "hosts"."hostgroup_id" AND (hostgroups.id IN (1,2,3,4,5,6,7,8,9,10)) WHERE "hosts"."type" IN ('Host::Managed') AND "hosts"."organization_id" = $2 AND "hosts"."location_id" = $3 AND ((("hostgroups"."title" = 'capsule/RHEL8') AND ("hosts"."organization_id" = '1') AND ("hosts"."location_id" = '2'))) GROUP BY subnet_id
~~

For the domains page, the error will be,
~~
2021-04-27T09:03:19 [D|app|2f414de7] Backtrace for 'Action failed' error (ActionView::Template::Error): PG::AmbiguousColumn: ERROR:  column reference "domain_id" is ambiguous
LINE 1: SELECT COUNT(DISTINCT "hosts"."id") AS count_id, domain_id A...
                                                         ^
: SELECT COUNT(DISTINCT "hosts"."id") AS count_id, domain_id AS domain_id FROM "hosts" INNER JOIN "nics" ON "nics"."host_id" = "hosts"."id" AND "nics"."primary" = $1 LEFT OUTER JOIN "hostgroups" ON "hostgroups"."id" = "hosts"."hostgroup_id" AND (hostgroups.id IN (1,2,3,4,5,6,7,8,9,10)) WHERE "hosts"."type" IN ('Host::Managed') AND "hosts"."organization_id" = $2 AND "hosts"."location_id" = $3 AND ((("hostgroups"."title" = 'capsule/RHEL8') AND ("hosts"."organization_id" = '1') AND ("hosts"."location_id" = '2'))) GROUP BY domain_id

~~



Expected Results:

No errors are displayed and the user should be able to view the subnets and domains listed.



Additional Notes:
NA
Comment 4 Bryan Kearney 2021-05-28 10:18:36 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32629 has been resolved.
Comment 6 Peter Ondrejka 2021-07-09 08:12:07 UTC 
Verified on Satellite 6.10 sn 8 using steps from the problem description
Comment 9 errata-xmlrpc 2021-11-16 14:10:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4702