Bug 510122
Description
John Sefler
2009-07-07 18:46:02 UTC
Created attachment 350846 [details]
ss2
Turns out the issue here is that cloned errata from a different ORG are showing up in errata search results, then clicking on the result brings up an error page since the errata is not accessible to this org. This is the commit in master which fixes the problem. http://git.fedorahosted.org/git/?p=spacewalk.git;a=commit;h=28a72cc88d4984d21d7856bcc09ab275a1f66a45 The fix is to leverage rhnAvailableChannels in the DB query to filter returned errata to only those that are accessible by the logged in user's org. </query> - <query name="PublishedErrata.searchById"> - <![CDATA[select distinct e.id, e.advisory, e.advisoryName, e.advisoryType, e.synopsis, e.updateDate, e.issueDate - from com.redhat.rhn.domain.errata.impl.PublishedErrata as e + <sql-query name="PublishedErrata.searchById"> + <![CDATA[select distinct e.id, e.advisory, e.advisory_name as advisoryName, + e.advisory_type as advisoryType, e.synopsis as advisorySynopsis, + e.update_date as updateDate, e.issue_date as issueDate + from rhnErrata e, rhnChannelErrata CE where e.id IN (:eids) + and CE.errata_id = e.id + and CE.channel_id IN(SELECT channel_id + FROM rhnAvailableChannels + WHERE org_id = :org_id) ]]> - </query> + <return-scalar column="id" type="long" /> + <return-scalar column="advisory" type="string" /> + <return-scalar column="advisoryName" type="string" /> + <return-scalar column="advisoryType" type="string" /> + <return-scalar column="advisorySynopsis" type="string" /> + <return-scalar column="updateDate" type="timestamp" /> + <return-scalar column="issueDate" type="timestamp" /> + </sql-query> Testplan: 1. Create a new ORG 2. Clone a Red Hat base channel 3. Allow time for the search index to be updated, or do a "/etc/init.d/rhn-search cleanindex" 4. Verify that when logged into the ORG with the cloned channel you are seeing some Errata of "CLA" in the advisory name 5. Login as a different ORG 6. Execute an errata search, looking for any CLA's. Verify all CLAs are viewable, as in if you click it, it displays under errata details. Prior to fix, you would see some CLAs which were for the other ORG, when clicking them the errata/details/Details page would display an error. This is the commit info for Vader commit f83c19b8bb46935a605618353f3e733eea3fb0f5 Refs: vader, rhn-virtualization-5.3.0-1-158-gf83c19b Author: John Matthews <jmatthew> AuthorDate: Thu Jul 9 14:15:45 2009 -0400 Commit: John Matthews <jmatthew> CommitDate: Thu Jul 9 15:11:42 2009 -0400 510122 - ErrataSearch now filters results so it won't display errata from a non-sharing Org --- .../redhat/rhn/domain/errata/ErrataFactory.java | 4 ++- .../rhn/domain/errata/impl/PublishedErrata.hbm.xml | 21 ++++++++++++++++--- .../frontend/action/errata/ErrataSearchAction.java | 8 ++++-- .../redhat/rhn/manager/errata/ErrataManager.java | 5 ++- .../rhn/manager/errata/test/ErrataManagerTest.java | 17 ++++++++++----- 5 files changed, 39 insertions(+), 16 deletions(-) verified on Satellite-5.3.0-RHEL5-re20090709.0-i386-embedded-oracle.iso scenario 1: 1. created cloned errata in org1 and publish it to a channel 2. rebuild search index to index cloned errata 3. performed Advanced Errata Search to locate the cloned errata - errata found 4. delete clone errata 5. performed Advanced Errata Search to locate the cloned errata - errata not found since the comment in #2 mentions that this was an issue with errata that was in a different org, also ran scenario 2: 1. created cloned errata in org2 and publish it to a channel 2. rebuild search index to index cloned errata 3. performed Advanced Errata Search in org2 to locate the cloned errata - errata found and errata url is valid 4. performed Advanced Errata Search in org1 to locate the cloned errata - errata not found verified again on Satellite-5.3.0-RHEL4-re20090730.0 testing procedure: ORG1 1. create my_channel and errata in my_channel 2. clone my_channel (clone_of_mychannel=public channel) 3. clone errata into clone_of_mychannel, published into clone_of_mychannel ORG2 1. ORG1 is in trust with clone_of_mychannel 2. see that errata is listed in advanced search or in channel > errata, links works 3. delete clonned errata in clonned_of_mychannel in ORG1 4. ORG2 cannot see that errata switching release_pending An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-1434.html |