Bug 1268329 - The same user is able to upload bundle via 'Upload' but not via 'URL'
The same user is able to upload bundle via 'Upload' but not via 'URL'
Status: CLOSED ERRATA
Product: JBoss Operations Network
Classification: JBoss
Component: Content (Show other bugs)
JON 3.3.4
Unspecified Unspecified
medium Severity medium
: ER01
: JON 3.3.6
Assigned To: Josejulio Martínez
Filip Brychta
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-02 10:32 EDT by Filip Brychta
Modified: 2016-07-27 11:31 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-27 11:31:00 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
server.log (25.24 KB, text/plain)
2015-10-02 10:32 EDT, Filip Brychta
no flags Details

  None (edit)
Description Filip Brychta 2015-10-02 10:32:01 EDT
Created attachment 1079460 [details]
server.log

Description of problem:
User with given permissions (see later) is able to upload a bundle when using 'Upload' option but is not able to upload the same bundle when using 'URL' option.

Version-Release number of selected component (if applicable):
JON3.3.4.DR1

How reproducible:
Always

Steps to Reproduce:
1. Install, configure and start JBoss ON 3.3 system.
2. Login as rhqadmin
3.  Create a bundle group:

    *   *Name:* `Test01 - Bundle Group`

4.  Create a new user role:

    *   *Permissions:*
        *   *Name:* `Test01 - Bundle Deployer Role`
        *   *Bundle Permissions:*
            *   *Create Bundle In Group:* _Yes_
            *   *Delete Bundle From Group:* _Yes_
            *   *Deploy Bundle To Group:* _Yes_
    *   *Resource Groups:*
        *   *Assigned Resource Groups:* _DynaGroup - Groups by platform ( Linux )_
    *   *Bundle Groups:*
        *   *Assigned Resource Groups:* _Test01 - Bundle Deployer Role_

5.  Create a new user:

    *   *Username:* `tester`
    *   *Password:* `TestUser01`
    *   *First Name:* `Test`
    *   *Last Name:* `User01`
    *   *Email Address:* `testuser01@example.com`
    *   *Assigned Roles:* _Test01 - Bundle Deployer Role_
    
6.  Sign-in as _tester_.
7.  Try to create new bundle using 'URL' option with following url - 'http://web.bc.jonqe.lab.eng.bos.redhat.com/bundle.zip'
8. Try to create new bundle using 'Upload' option with the same bundle 'bundle.zip' located on your localhost.

Actual results:
After step 7:
[1443796011678] org.rhq.enterprise.server.authz.PermissionException:Subject [tester] requires Global CREATE_BUNDLES and VIEW_BUNDLES to create unassigned initial bundle version. -> org.rhq.core.domain.bundle.BundleNotFoundException:null

After step 8:
Bundle is uploaded

Expected results:
Both methods should require the same permissions.

Additional info:
full exception attached
Comment 1 Josejulio Martínez 2016-05-12 11:17:04 EDT
commit 0d3412fea59aa0815797729f70ae1c68ae0fa49a
Merge: 735d2d8 a32a38a
Author: Michael Burman <yak@iki.fi>
Date:   Thu May 12 14:55:36 2016 +0300

    Merge pull request #195 from josejulio/BZ-1268329
    
    Bug 1268329 - The same user is able to upload bundle via 'Upload' but...


commit a32a38a449654b58de1789881ee35e3db4d84f35
Author: jmartine <jmartinez@redhat.com>
Date:   Thu Dec 10 17:52:18 2015 -0600

    Bug 1268329 - The same user is able to upload bundle via 'Upload' but not via 'URL'
    
    Instead of returning the URL as the token, moved to the temp dir to match the special token handling worflow.
    Unpacked the BundleNotFoundException from the RunTimeException that is throw to the client.
    The method was pointing to BundleManager.createBundleVersionViaURL, changed to BundleManager.createOrStoreBundleVersionViaURL.
Comment 3 Simeon Pinder 2016-06-17 21:11:38 EDT
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890
Comment 4 Filip Brychta 2016-06-27 10:12:39 EDT
Bundle is created successfully but following WARN is thrown to server.log:
10:07:20,396 WARN  [org.rhq.coregui.server.gwt.BundleGWTServiceImpl] (http-0.0.0.0:7080-6) Sending exception to client: [1467036440396] : org.rhq.core.domain.bundle.BundleNotFoundException: [bundle-distribution3559317679160419472.zip]
	at org.rhq.enterprise.server.bundle.BundleManagerBean.createOrStoreBundleVersionViaURL(BundleManagerBean.java:886) [rhq-server.jar:4.12.0.JON330GA-redhat-6]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
	at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
	at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee-7.5.8.Final-redhat-2.jar:7.5.8.Final-redhat-2]
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
	at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
	at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee-7.5.8.Final-redhat-2.jar:7.5.8.Final-redhat-2]
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
.
.
.

One option is to fix the exception in ER01 or mark this BZ as verified and create new BZ for for the exception.
Comment 5 Josejulio Martínez 2016-06-27 11:51:01 EDT
I'll take a look at it today.
Comment 6 Josejulio Martínez 2016-06-29 10:32:47 EDT
commit 07bf3f15228231161b112e15963f89af5b8376ca
Merge: d94e18d 059a43f
Author: Michael Burman <yak@iki.fi>
Date:   Wed Jun 29 14:56:49 2016 +0300

    Merge pull request #268 from josejulio/bugs/1268329
    
    Bug 1268329 - Removed a WARN in server.log when uploading a Bundle vi…

commit 059a43f3236237b5afd3f624023bf2485be1f5d2
Author: Josejulio Martínez <jmartine@redhat.com>
Date:   Mon Jun 27 13:48:15 2016 -0500

    Bug 1268329 - Removed a WARN in server.log when uploading a Bundle via URL when using the special token handling worflow.
Comment 8 Simeon Pinder 2016-07-07 04:22:44 EDT
Moving to ON_QA as available to test with the following build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=502442

Note: 	jon-server-patch-3.3.0.GA.zip maps to JON 3.3.6(jon-server-3.3.0.GA-update-06.zip)
Comment 11 errata-xmlrpc 2016-07-27 11:31:00 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1519.html

Note You need to log in before you can comment on or make changes to this bug.