Bug 736141

Summary: Systems Registration perms need to be reworked
Product: Red Hat Satellite Reporter: Partha Aji <paji>
Component: InfrastructureAssignee: Lukas Zapletal <lzap>
Status: CLOSED CURRENTRELEASE QA Contact: Garik Khachikyan <gkhachik>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: bkearney, gkhachik, lzap, mkoci, mmccune
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 17:55:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 747354    

Description Partha Aji 2011-09-06 19:26:54 UTC 
Description of problem:

At the present time create_systems permissions (which is given to those wanting to register a system to an environment or an org) automatically gives CRUD permissions for all the systems in Environment/Organizations. To manage systems better we need a more fine grained control.

Proposal

1) Change :create_systems verb in environment and org resources to :register_systems . Update the verbs in those models to reflect this.
2) Remove the permission cascade logic in environment/org and systems models
Comment 1 Lukas Zapletal 2011-09-07 15:20:25 UTC 
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys.

1634bdc 736384 - workaround for perm. denied for rhsm registration

This should be removed when we refactor permissions for system activations.
Comment 2 Lukas Zapletal 2011-09-08 16:46:59 UTC 
Ok. After some dicsussion it turns out the best way is to remove create method, remove it from api controllers and create register method instead.
Comment 3 Bryan Kearney 2011-09-08 22:15:26 UTC 
I will assume the current API for subscription manager remains uneffected.
Comment 4 Lukas Zapletal 2011-09-13 15:19:29 UTC 
Pushed.

eebb966 736141 - Systems Registration perms need to be reworked

@Parta - could you review my change please?

@Bryan - yes no change in the RHSM API.
Comment 5 Lukas Zapletal 2011-09-15 10:24:05 UTC 
And rhsm is also now covered with nice system testing:

089efb4 737563 - adding more rhsm system testing
Comment 6 Lukas Zapletal 2011-09-16 12:13:57 UTC 
@Partha - no objections ;-) Putting ON_QA.