1112563 – roles: content-search doesn't show packages to normal user, who has permission to view_product

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1112563 - roles: content-search doesn't show packages to normal user, who has permission to view_product

Summary: roles: content-search doesn't show packages to normal user, who has permissio...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Users & Roles
Sub Component:
Version:	6.0.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Eric Helms
QA Contact:	Sachin Ghai
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-24 08:27 UTC by Sachin Ghai
Modified:	2017-02-23 21:14 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-12 05:09:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
rotating spinner along with type error in firebug (66.60 KB, image/png) 2014-06-24 08:27 UTC, Sachin Ghai	no flags	Details
assigned perms along from selected resources to a normal user (37.13 KB, image/png) 2014-06-24 08:29 UTC, Sachin Ghai	no flags	Details
I can see packages under content-search page via normal user who has view-product permission (95.28 KB, image/png) 2015-04-02 07:46 UTC, Sachin Ghai	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	9554	0	None	None	None	2016-04-22 15:47:31 UTC
Red Hat Product Errata	RHSA-2015:1592	0	normal	SHIPPED_LIVE	Important: Red Hat Satellite 6.1.1 on RHEL 6	2015-08-12 09:04:35 UTC

Description Sachin Ghai 2014-06-24 08:27:36 UTC

Created attachment 911662 [details]
rotating spinner along with type error in firebug

Description of problem:
I was trying to view contents via content search. I can see content-views, products, repositories etc. But when I tried to view packages, spinner starts rotating on webUI and keep on rotating.

Also, Firebug raises error: 

TypeError: item is null
	
..."active-result")?$(evt.target):$(evt.target).parents(".active-result").first();i...

Version-Release number of selected component (if applicable):
sat6 beta snap10 compose2

How reproducible:
always

Steps to Reproduce:
1. create a role via admin user and add permissions as per the attached screenshot
2. go to content-search and search or packages ( Make sure firebug is ON)
3.

Actual results:
TypeError: item is null
	
..."active-result")?$(evt.target):$(evt.target).parents(".active-result").first();i...


Expected results:
packages should be listed.

Additional info: I didn't see any other resource type who have permission to view packages.


following request made while searching for packages:

Processing by Katello::ContentSearchController#packages as */*
  Parameters: {"repos"=>{"search"=>""}, "packages"=>{"search"=>""}, "content_type"=>"packages", "mode"=>"all", "environments"=>[1], "content_search"=>{"repos"=>{"search"=>""}, "packages"=>{"search"=>""}, "content_type"=>"packages", "mode"=>"all", "environments"=>[1]}}
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_container_hover.html.haml (245.5ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_container_hover.html.haml (46.6ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_repo_hover.html.haml (18.9ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_repo_hover.html.haml (19.5ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_container_hover.html.haml (25.4ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_container_hover.html.haml (23.2ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_repo_hover.html.haml (17.1ms)
  Rendered /opt/rh/ruby193/root/usr/share/gems/gems/katello-1.5.0/app/views/katello/content_search/_repo_hover.html.haml (205.3ms)
Completed 200 OK in 1363ms (Views: 624.6ms | ActiveRecord: 34.9ms)

Comment 1 Sachin Ghai 2014-06-24 08:29:49 UTC

Created attachment 911663 [details]
assigned perms along from selected resources to a normal user

Comment 3 Eric Helms 2015-02-25 20:12:37 UTC

Created redmine issue http://projects.theforeman.org/issues/9554 from this bug

Comment 4 Eric Helms 2015-02-25 20:55:59 UTC

This was actually broken in all cases and a regression from a prior bug fix. 

https://github.com/Katello/katello/pull/5050

Comment 5 Bryan Kearney 2015-03-10 14:02:29 UTC

Moving to POST since upstream bug http://projects.theforeman.org/issues/9554 has been closed
-------------
Eric Helms
Applied in changeset commit:katello|2162948c05f28f830dfe4545b0f07fab88db55d8.

Comment 8 Sachin Ghai 2015-04-02 07:44:01 UTC

Verified with sat6.1 beta snap9 ( Satellite-6.1.0-RHEL-6-20150331.1). I created a user with all those permissions given in the attachment. And I can see the packages from selected repo via a normal user who has view_product permission.

And I don't see any error in firebug. Please see the attachment. Moving this to verified.

Comment 9 Sachin Ghai 2015-04-02 07:46:41 UTC

Created attachment 1010034 [details]
I can see packages under content-search page via normal user who has view-product permission

Comment 10 Bryan Kearney 2015-08-11 13:29:07 UTC

This bug is slated to be released with Satellite 6.1.

Comment 11 errata-xmlrpc 2015-08-12 05:09:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592

Note You need to log in before you can comment on or make changes to this bug.