Bug 798803

Summary: role info does not reflect working permissions (permissions query broken?)
Product: [Retired] Pulp Reporter: scressi
Component: user-experienceAssignee: Jason Connor <jconnor>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: high Docs Contact:
Priority: unspecified    
Version: 1.1.0CC: jortel, mmccune, skarmark
Target Milestone: ---Keywords: Triaged
Target Release: Sprint 34   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 813913 (view as bug list) Environment:
Last Closed: 2012-05-25 14:16:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 813913    

Description scressi 2012-02-29 22:26:25 UTC 
Description of problem:

granted/revoked priveleges are not reflect on queried role views

Version-Release number of selected component (if applicable):

Current (1.0)

How reproducible:

very

Steps to Reproduce:
1. pulp-admin -u admin -p admin user create --user test --password test
2. pulp-admin -u admin -p admin role create --role test
3. pulp-admin -u admin -p admin role add user --user=test --role=test
4. pulp-admin -u admin -p admin role info --role=test (this should output no permissions)
5. pulp-admin -u admin -p admin permission grant --resource /filters/ --role release -o read
6. pulp-admin -u admin -p admin role info --role=test
7. pulp-admin -u admin -p admin permission revoke --resource /filters/ --role release -o read
6. pulp-admin -u admin -p admin role info --role=test
  
Actual results:

step 6 should not output read permissions, but doesn't, I think the mongo query that retrieves the current role permissions DOESN'T return the proper permissions, but the permissions DO still work

Expected results:

"pulp-admin -u admin -p admin role info --role=test" should output the current working permissions

Additional info:
Comment 1 Jason Connor 2012-04-12 20:38:33 UTC 
Following steps 1-6 above, I get the following output on step 6:

$ pulp-admin -u admin -p admin role info --role=test
+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ

One thing to note about the instructions above, step 5, the grant is for a role called "resource" where the create and add are for a role called "test"
Comment 2 Jason Connor 2012-04-13 16:04:27 UTC 
Continuing on to step 7 results in:


[root@pulp-v1-server ~]# pulp-admin -u admin -p admin permission grant --resource /filters/ --role test -o read
Operations ['READ'] granted to role [ test ] on resource [ /filters/ ]

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ                     

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin permission revoke --resource /filters/ --role test -o read
Operations ['READ'] revoked from role [ test ] on resource [ /filters/ ]

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ
Comment 3 Jason Connor 2012-04-13 16:06:15 UTC 
fix pushed to master in:
ef50effdc11f2ee888c0d1ef7a8ff1c707bcaf17
fix pushed to pulp_v1 in:
8d3be26864a6c2b8e58ed3426e59b09cea094930
Comment 4 Jeff Ortel 2012-04-13 19:05:19 UTC 
build: 0.283
Comment 5 Preethi Thomas 2012-04-19 18:29:38 UTC 
verified on 1.1

[root@rhel5-pulp ~]# rpm -q pulp
pulp-1.1.3-1
[root@rhel5-pulp ~]# pulp-admin -u admin -p admin user create --user test --password test
Successfully created user [ test ] with name [ None ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role create --role test
Role [ test ] created

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role add user --user=test --role=test
[ test ] added to role [ test ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test
+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin permission grant --resource /filters/ --role test -o read
Operations ['READ'] granted to role [ test ] on resource [ /filters/ ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ                     

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin permission revoke --resource /filters/ --role test -o read
Operations ['READ'] revoked from role [ test ] on resource [ /filters/ ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
Comment 6 Preethi Thomas 2012-05-25 14:16:22 UTC 
Pulp v1.1 Release