Created attachment 911404 [details] NetworkError: 403 Forbidden - when publishing cv via normal user Description of problem: I was trying a scenario where a normal user can publish a CV in a selected org. But when I tried publish, Firebug raises: "NetworkError: 403 Forbidden - https://dhcp201-161.englab.pnq.redhat.com/foreman_tasks/api/tasks/bulk_search" bulk_search production.log says: Processing by ForemanTasks::Api::TasksController#bulk_search as JSON Parameters: {"searches"=>[{"type"=>"task", "task_id"=>"b2b834f7-4288-4e8a-90dd-16eee2183e3d", "search_id"=>"1"}], "task"=>{}} Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.7ms) Filter chain halted as :authorize rendered or redirected Completed 403 Forbidden in 16ms (Views: 1.7ms | ActiveRecord: 2.6ms) Processing by ForemanTasks::Api::TasksController#bulk_search as JSON Parameters: {"searches"=>[{"type"=>"task", "task_id"=>"b2b834f7-4288-4e8a-90dd-16eee2183e3d", "search_id"=>"1"}], "task"=>{}} Rendered api/v2/errors/access_denied.json.rabl within api/v2/layouts/error_layout (0.7ms) Filter chain halted as :authorize rendered or redirected Completed 403 Forbidden in 17ms (Views: 1.8ms | ActiveRecord: 2.8ms) Version-Release number of selected component (if applicable): sat6 beta snap10 How reproducible: always Steps to Reproduce: 1. created a role "role1" via admin user 2. added following permissions to "role1" content-view resource type - create, view and publish CV Product resource type - view product activation-key resource type - create, update, destroy, view Lifecycle env resource type - view 3. created a CV "cv1" via admin and addded a repo to it and published its version1 4. created a user ak1 and assign role1 to this user 5. logout with admin and login with ak1 6. selected 'cv1' 7. started publish Actual results: "NetworkError: 403 Forbidden - https://dhcp201-161.englab.pnq.redhat.com/foreman_tasks/api/tasks/bulk_search" bulk_search Expected results: cv should be published. Not sure what I'm missing here. any permission ? If I'm missing any permission then Publish shouldn't be enabled. Additional info:
On navigating away from version tab and come back.. version was created. Please see the screenshot.
Created attachment 911405 [details] version_created on navigating away from version tab
I added a resource type: (Miscellaneous) with "View_tasks" permission.but no luck.
The publish/promotion should still be successful, it's just the querying of the task status that is not. Downstream issue: http://projects.theforeman.org/issues/4450
Connecting redmine issue http://projects.theforeman.org/issues/4450D from this bug
Connecting redmine issue http://projects.theforeman.org/issues/4450 from this bug
Also manifest upload/refresh/delete has same problem
Fixed as part of https://github.com/theforeman/foreman/pull/2060
*** Bug 1221242 has been marked as a duplicate of this bug. ***
This bug is slated to be released with Satellite 6.1.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592