I created a new user with a dedicated role with the following permissions: Host/managed: view_hosts The user is a member of 1 organization and 2/4 locations. When logging in via the web interface, the user can only see the hosts belonging to that 1 organization/2 locations. However, an API call via /api/hosts lists the hosts of all organizations and all locations. The only way I could fix this was by applying a location/organization restriction to the view_hosts filter on the role.
Created from redmine issue http://projects.theforeman.org/issues/9947
Moving to POST since upstream bug http://projects.theforeman.org/issues/9947 has been closed ------------- Marek Hulán Applied in changeset commit:abe910f2a46f4ecc1f349263d0b4751ed46ff200.
VERIFIED: # rpm -qa | grep foreman foreman-gce-1.7.2.17-1.el7sat.noarch foreman-debug-1.7.2.17-1.el7sat.noarch foreman-discovery-image-2.1.0-20.el7sat.noarch foreman-compute-1.7.2.17-1.el7sat.noarch foreman-ovirt-1.7.2.17-1.el7sat.noarch rubygem-hammer_cli_foreman_tasks-0.0.3.3-1.el7sat.noarch ruby193-rubygem-foreman_docker-1.2.0.9-1.el7sat.noarch ruby193-rubygem-foreman-redhat_access-0.1.0-1.el7sat.noarch ruby193-rubygem-foreman-tasks-0.6.12.3-1.el7sat.noarch rubygem-hammer_cli_foreman_discovery-0.0.1.7-1.el7sat.noarch ruby193-rubygem-foreman_gutterball-0.0.1.9-1.el7sat.noarch ruby193-rubygem-foreman_bootdisk-4.0.2.10-1.el7sat.noarch foreman-proxy-1.7.2.4-1.el7sat.noarch cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-client-1.0-1.noarch cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch foreman-vmware-1.7.2.17-1.el7sat.noarch ruby193-rubygem-foreman_hooks-0.3.7-2.el7sat.noarch rubygem-hammer_cli_foreman-0.1.4.9-1.el7sat.noarch foreman-libvirt-1.7.2.17-1.el7sat.noarch foreman-selinux-1.7.2.13-1.el7sat.noarch foreman-postgresql-1.7.2.17-1.el7sat.noarch cloud-qe-9.idmqe.lab.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch foreman-1.7.2.17-1.el7sat.noarch ruby193-rubygem-foreman_discovery-2.0.0.9-1.el7sat.noarch rubygem-hammer_cli_foreman_bootdisk-0.1.2.5-1.el7sat.noarch steps: create a new user with a dedicated role with the following permissions: Host/managed: view_hosts # curl -i -k -u test_user:redhat -H "Accept: application/json" -X GET 'https://cloud-qe-09.idmqe.lab.eng.bos.redhat.com/api/v2/hosts' HTTP/1.1 200 OK Date: Wed, 29 Apr 2015 09:26:30 GMT Server: Apache/2.4.6 (Red Hat Enterprise Linux) Foreman_version: 1.7.2 Foreman_api_version: 2 Apipie-Checksum: a60bc49ae5a1e86a952e6cf4d6a3273f X-UA-Compatible: IE=Edge,chrome=1 Cache-Control: must-revalidate, private, max-age=0 X-Request-Id: b0fe3da2475ba633ee9b78711a2922c9 X-Runtime: 0.353607 X-Rack-Cache: miss X-Powered-By: Phusion Passenger 4.0.18 Set-Cookie: _session_id=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTgyZjVlYWZmMjU3NjBjM2QxNGQ3YzNlY2YyNzEwOTQ3BjsAVEkiC2xvY2FsZQY7AEZJIgdlbgY7AEY%3D--4dafed25d1e36d8872f5288ff02ef39b8b30947e; path=/; HttpOnly ETag: "88c1d59ff6a305f42957d94bdcdd0a80" Status: 200 OK Connection: close Transfer-Encoding: chunked Content-Type: application/json; charset=utf-8 { "total": 1, "subtotal": 1, "page": 1, "per_page": 20, "search": null, "sort": { "by": null, "order": null }, "results": [{"name":"shost.idmqe.lab.eng.bos.redhat.com","id":4,"ip":"192.168.100.2","environment_id":3,"environment_name":"KT_Default_Organization_Dev_cv_rhel71_2","last_report":"2015-04-29T09:03:12Z","mac":"52:54:00:66:b7:d9","realm_id":null,"realm_name":null,"sp_mac":null,"sp_ip":null,"sp_name":null,"domain_id":1,"domain_name":"idmqe.lab.eng.bos.redhat.com","architecture_id":1,"architecture_name":"x86_64","operatingsystem_id":1,"operatingsystem_name":"RHEL Server 7.1","subnet_id":1,"subnet_name":"libvirt","sp_subnet_id":null,"ptable_id":7,"ptable_name":"Kickstart default","medium_id":7,"medium_name":"Default_Organization/Library/RHEL7/RHEL7_x86_64","build":false,"comment":"","disk":"","installed_at":"2015-04-28T11:32:27Z","model_id":2,"model_name":"KVM","hostgroup_id":1,"hostgroup_name":"sgroup","owner_id":3,"owner_type":"User","enabled":true,"puppet_ca_proxy_id":1,"managed":true,"use_image":null,"image_file":"","uuid":"72be12a2-90bb-4423-98b7-cec1f63d54d3","compute_resource_id":1,"compute_resource_name":"libvirt","compute_profile_id":null,"compute_profile_name":null,"capabilities":["build","image"],"provision_method":"build","puppet_proxy_id":1,"certname":"shost.idmqe.lab.eng.bos.redhat.com","image_id":null,"image_name":null,"created_at":"2015-04-28T11:19:18Z","updated_at":"2015-04-29T09:03:16Z","last_compile":"2015-04-29T09:03:15Z","last_freshcheck":null,"serial":null,"source_file_id":null,"puppet_status":0,"organization_id":1,"organization_name":"Default Organization","location_id":2,"location_name":"Default Location"}] } screenshot attached
Created attachment 1020050 [details] user host
This bug is slated to be released with Satellite 6.1.
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.