Bug 510122

Summary: Cloned errata from a non sharing ORG is showing up in errata search results
Product: Red Hat Satellite 5 Reporter: John Sefler <jsefler>
Component: WebUIAssignee: John Matthews <jmatthew>
Status: CLOSED CURRENTRELEASE QA Contact: John Sefler <jsefler>
Severity: medium Docs Contact:
Priority: low    
Version: 530CC: bbuckingham, cperry, psklenar
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://grandprix.rhndev.redhat.com/rhn/errata/Search.do?start_hour=2&end_year=2009&start_month=6&errata_type_bug=on&end_hour=2&search_string=http&end_am_pm=1&errata_type_security=on&start_minute=38&start_am_pm=1&end_minute=38&end_day=7&start_year=2009&end_month=6&view_mode=errata_search_by_all_fields&errata_type_enhancement=on&start_day=6
Whiteboard:
Fixed In Version: sat530 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-10 19:32:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 457073    
Attachments:
Description Flags
ss2 none

Description John Sefler 2009-07-07 18:46:02 UTC 
Description of problem:

7/3 build selinux rhel 5

recreate:
1. created cloned errata
2. wait for search index to capture cloned errata
3. delete clone errata
4. rebuild search index /etc/init.d/rhn-search cleanindex
or wait for indext to rebuild

Expected Results
at this point a errata search should *not* return results w/ the cloned errata.

Actual Results:
cloned errata are returned in results, when the should not be.. because they have been deleted.


g
Comment 1 John Sefler 2009-07-07 18:46:58 UTC 
Created attachment 350846 [details]
ss2
Comment 2 John Matthews 2009-07-09 18:20:24 UTC 
Turns out the issue here is that cloned errata from a different ORG are showing up in errata search results, then clicking on the result brings up an error page since the errata is not accessible to this org.
Comment 3 John Matthews 2009-07-09 18:30:40 UTC 
This is the commit in master which fixes the problem.

http://git.fedorahosted.org/git/?p=spacewalk.git;a=commit;h=28a72cc88d4984d21d7856bcc09ab275a1f66a45


The fix is to leverage rhnAvailableChannels in the DB query to filter returned errata to only those that are accessible by the logged in user's org.

    </query>

-    <query name="PublishedErrata.searchById">

-        <![CDATA[select distinct e.id, e.advisory, e.advisoryName, e.advisoryType, e.synopsis, e.updateDate, e.issueDate

-                       from com.redhat.rhn.domain.errata.impl.PublishedErrata as e

+    <sql-query name="PublishedErrata.searchById">

+        <![CDATA[select distinct e.id, e.advisory, e.advisory_name as advisoryName,

+                    e.advisory_type as advisoryType, e.synopsis as advisorySynopsis,

+                    e.update_date as updateDate, e.issue_date as issueDate

+                from rhnErrata e, rhnChannelErrata CE

                 where e.id IN (:eids)

+                  and CE.errata_id = e.id

+                  and CE.channel_id IN(SELECT channel_id

+                           FROM rhnAvailableChannels

+                           WHERE org_id = :org_id)

                 ]]>    

-    </query>

+        <return-scalar column="id" type="long" />

+        <return-scalar column="advisory" type="string" />

+        <return-scalar column="advisoryName" type="string" />

+        <return-scalar column="advisoryType" type="string" />

+        <return-scalar column="advisorySynopsis" type="string" />

+        <return-scalar column="updateDate" type="timestamp" />

+        <return-scalar column="issueDate" type="timestamp" />

+    </sql-query>



Testplan:
1. Create a new ORG
2. Clone a Red Hat base channel
3. Allow time for the search index to be updated, or do a "/etc/init.d/rhn-search cleanindex"
4. Verify that when logged into the ORG with the cloned channel you are seeing some Errata of "CLA" in the advisory name
5. Login as a different ORG
6. Execute an errata search, looking for any CLA's.  Verify all CLAs are viewable, as in if you click it, it displays under errata details.

Prior to fix, you would see some CLAs which were for the other ORG, when clicking them the errata/details/Details page would display an error.
Comment 4 John Matthews 2009-07-09 19:18:29 UTC 
This is the commit info for Vader

commit f83c19b8bb46935a605618353f3e733eea3fb0f5
Refs: vader, rhn-virtualization-5.3.0-1-158-gf83c19b
Author:     John Matthews <jmatthew>
AuthorDate: Thu Jul 9 14:15:45 2009 -0400
Commit:     John Matthews <jmatthew>
CommitDate: Thu Jul 9 15:11:42 2009 -0400

    510122 -  ErrataSearch now filters results so it won't display errata from a non-sharing Org
---
 .../redhat/rhn/domain/errata/ErrataFactory.java    |    4 ++-
 .../rhn/domain/errata/impl/PublishedErrata.hbm.xml |   21 ++++++++++++++++---
 .../frontend/action/errata/ErrataSearchAction.java |    8 ++++--
 .../redhat/rhn/manager/errata/ErrataManager.java   |    5 ++-
 .../rhn/manager/errata/test/ErrataManagerTest.java |   17 ++++++++++-----
 5 files changed, 39 insertions(+), 16 deletions(-)
Comment 5 Brad Buckingham 2009-07-10 21:44:00 UTC 
verified on Satellite-5.3.0-RHEL5-re20090709.0-i386-embedded-oracle.iso

scenario 1:

1. created cloned errata in org1 and publish it to a channel
2. rebuild search index to index cloned errata
3. performed Advanced Errata Search to locate the cloned errata - errata found
4. delete clone errata
5. performed Advanced Errata Search to locate the cloned errata - errata not found


since the comment in #2 mentions that this was an issue with errata that was in a different org, also ran scenario 2:

1. created cloned errata in org2 and publish it to a channel
2. rebuild search index to index cloned errata
3. performed Advanced Errata Search in org2 to locate the cloned errata - errata found and errata url is valid
4. performed Advanced Errata Search in org1 to locate the cloned errata - errata not found
Comment 6 Petr Sklenar 2009-08-21 11:48:53 UTC 
verified again on Satellite-5.3.0-RHEL4-re20090730.0
testing procedure:
ORG1
1. create my_channel and errata in my_channel
2. clone my_channel (clone_of_mychannel=public channel)
3. clone errata into clone_of_mychannel, published into clone_of_mychannel

ORG2
1. ORG1 is in trust with clone_of_mychannel
2. see that errata is listed in advanced search or in channel > errata, links works
3. delete clonned errata in clonned_of_mychannel in ORG1
4. ORG2 cannot see that errata

switching release_pending
Comment 7 Brandon Perkins 2009-09-10 19:32:53 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html