Bug 801924

Summary: Model integrity sketchy
Product: Red Hat Satellite Reporter: Partha Aji <paji>
Component: InfrastructureAssignee: Lukas Zapletal <lzap>
Status: CLOSED DEFERRED QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: bkearney, mmccune
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-23 15:36:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Partha Aji 2012-03-09 20:57:52 UTC 
Description of problem:
Many of the models that are part of Katello/SystemEngine do not do integrity checks.
For example

Take ActivationKey
# => ActivationKey(id: integer, name: string, description: string, organization_id: integer, environment_id: integer, system_template_id: integer, created_at: datetime, updated_at: datetime, user_id: integer)

Now there is nothing to check for the fact that the environment_id/system_template_id belong to the same organization as organization_id when we save the model. In the UI we only show the valid values to be selected but  there is nothing preventing the user from sending wrong environment ids. 

This kind of audit probably needs to happen with many other models.