| Summary: | Notices need to be sent on permission denied | | |
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Partha Aji <paji> |
| Component: | WebUI | Assignee: | Partha Aji <paji> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Sachin Ghai <sghai> |
| Severity: | low | Priority: | low |
| Version: | 6.0.0 | CC: | cwelton, mmccune, sghai |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | Hardware: | Unspecified |
| OS: | Unspecified | Doc Type: | Bug Fix |
| Last Closed: | 2012-08-22 21:01:19 UTC | | |

Description
Partha Aji
2011-08-16 23:05:38 UTC
In roles-ui For Ajax calls

I verified this with the following katello version:
katello-0.1.75-1.git.41.2e9f377.fc15.noarch
I created a user and assigned a newly created role. That role includes the following permissions.
Permission for org:
access organization
access systems
Permissions for Environment:
Access Changeset in Env
Access env contents
Access systems in Env
Permissions for Provider:
Access provider
Create provider
Permissions for users:
Access users
Create users
When I log in with the newly created user, which has all the above permissions, and click on the sync mgmt tab under content management, the UI throws the following error:
>> We're sorry, but something went wrong.
>> We've been notified about this issue and we'll take a look at it shortly.
Since I've not assigned the sync-related permissions, ideally a permission denied message should pop up.

So you should not be getting the "500" when you hit the sync management page, I suspect it's related to the fact that pulp is not set up to work on multi user oauth with katello yet. That work is still incomplete AFAIK. Can you paste the stack trace in katello/production.log when you get this error?

I re-verified this defect with new builds:

[root@dhcp201-187 ~]# rpm -qa | grep katello
katello-cli-0.1.10-1.git.436.ebcad79.fc15.noarch
katello-0.1.85-1.git.70.844626c.fc15.noarch
katello-configure-0.1.3-1.git.0.403cd32.fc15.noarch
[root@dhcp201-187 ~]#

Now, I can traverse the sync management tab. And this time the UI doesn't throw any error like I stated in comment3. I can traverse the "sync management tab".
So my question is: Is it expected behaviour? Ideally the UI should raise the permission denied message because the user with which I log in doesn't have sync-related permissions. I used the same permissions as stated in comment3.

Log from katello/production.log is
--
Started GET "/katello//sync_management/index" for 10.65.193.48 at Mon Oct 03 11:10:22 +0530 2011
Processing by SyncManagementController#index as HTML
Rendered sync_management/_products.html.haml (2.4ms)
Rendered layouts/_ajax_notices.haml (2.3ms)
Rendered layouts/_notification.haml (0.1ms)
Rendered layouts/_org.haml (0.7ms)
Rendered layouts/_header.haml (4.8ms)
Rendered layouts/_footer.haml (0.6ms)
Rendered common/_common_i18n.html.haml (0.2ms)
Rendered sync_management/index.html.haml within layouts/katello (244.3ms)
Completed 200 OK in 265ms (Views: 212.7ms | ActiveRecord: 38.8ms)
--

Mass move to CFSE product.

Issue in comment # 3 now should have been fixed. You should not be able to navigate to the sync management page and you should see a 403 permission denied error on the screen if you tried to add "/katello//sync_management/index" to the URL and tried to visit the page.

I had a user with system permissions. I manually pasted in the URL for promotions, and got a 403, as expected.
However, I did not see any ensuing error message sent to the Notification view, as seen by either the user or the admin user.

Oh, so this bug is not referring to the actual notifications subsystem but rather just a notice (the former might be nice...)

QA Verified.
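
The same unprivileged request produced three outcomes over the course of this thread (a 500, then a 200, then the intended 403); a deny-by-default check that turns an authorization failure into a 403 plus a notice pins the intended one down. The Ruby below is an added illustration, not Katello code: the rule table, the permission strings (including "access sync management") and all function names are hypothetical.

```ruby
# Added illustration (not Katello code). All names here are hypothetical.
require "set"

class PermissionDenied < StandardError; end

# Deny-by-default rule table: controller -> permission required to view it.
# A controller with no entry is refused, so a page that ships without a rule
# cannot silently render with 200 as in the production.log excerpt above.
RULES = {
  "sync_management" => "access sync management",
  "systems"         => "access systems",
  "providers"       => "access provider",
}.freeze

User = Struct.new(:name, :permissions)

def authorize!(user, controller)
  required = RULES[controller]
  raise PermissionDenied, "no rule for #{controller}" if required.nil?
  return if user.permissions.include?(required)
  raise PermissionDenied, "#{user.name} lacks '#{required}'"
end

# Returns [status, notices]. An authorization failure is a handled outcome:
# 403 plus a notice for the user, never an unhandled exception (500).
def dispatch(user, controller)
  notices = []
  authorize!(user, controller)
  [200, notices]
rescue PermissionDenied => e
  notices << { level: :error, text: "Permission denied: #{e.message}" }
  [403, notices]
end

# Constructed user carrying the permissions listed in the report (lowercased).
REPORT_USER = User.new("qa_user", Set[
  "access organization", "access systems", "access changeset in env",
  "access env contents", "access systems in env", "access provider",
  "create provider", "access users", "create users"
])

if __FILE__ == $PROGRAM_NAME
  %w[systems sync_management promotions].each do |c|
    status, notices = dispatch(REPORT_USER, c)
    puts "#{c}: #{status} #{notices.map { |n| n[:text] }.join}"
  end
end
```

Asserting on both the status and the notice in a regression test covers the two halves of this bug: the page must be refused, and the user must be told why.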