Description of problem:
In a tenant you are unable to see your parent's templates

Version-Release number of selected component (if applicable):
5.5.0.13.20151201120956_653c0d4

How reproducible:
Always

Steps to Reproduce:
1. create a tenant and a user in that tenant.
2. VM -> Lifecycle -> Provision
3. No templates are found

Actual results:
RBAC is currently not picking up templates from parent lineage

Expected results:
templates are shown.

Additional info:
workaround to currently duplicate a template and assign ownership to the user or group that the tenant uses, which causes it to be found depending on user/group owned setting in group.

PR: https://github.com/ManageIQ/manageiq/pull/5898
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/49151b0d97e24bd4b6049443bdbc90fee971b3db

commit 49151b0d97e24bd4b6049443bdbc90fee971b3db
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Thu Dec 17 17:51:22 2015 -0500
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Mon Jan 4 21:06:43 2016 -0500

    Tenancy scoping for vms and templates

    - Added logic to handle different scoping rules for vm and templates where both classes derive from the same base model, VmOrTemplate, and share the same table, vms.
    - Templates owned by the current tenant and all parent tenants (ancestors) should be accessible current tenant.
    - Vms owned by the current tenant and all child tenants (descendants) should be accessible from the current tenant.
    - There are places in the app that require RBAC searching on both classes at the same time, making this change necessary.

    https://bugzilla.redhat.com/show_bug.cgi?id=1292285

 app/models/mixins/tenancy_mixin.rb |  7 +++++
 app/models/rbac.rb                 |  7 ++---
 app/models/vm_or_template.rb       |  8 ++++++
 spec/models/rbac_spec.rb           | 56 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 4 deletions(-)

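
The scoping rule stated in the commit message above, as an added Ruby sketch (not the ManageIQ code and not part of this bug's comments): templates resolve against the viewer's ancestors, VMs against its descendants, and a mixed search picks the rule per row. `Tenant`, `Record`, `TenantScope`, the tenant tree and the records are constructed for illustration.

```ruby
# Constructed model of the scoping rule; all names here are hypothetical.
Tenant = Struct.new(:id, :parent) do
  def ancestors
    parent ? [parent] + parent.ancestors : []
  end
end

# kind is :vm or :template; both kinds live in one list, like a shared table.
Record = Struct.new(:name, :kind, :tenant)

class TenantScope
  def initialize(tenants)
    @tenants = tenants
  end

  def descendants(tenant)
    @tenants.select { |t| t.ancestors.include?(tenant) }
  end

  # Templates: viewer looks up the tree. VMs: viewer looks down the tree.
  def visible_tenants(viewer, kind)
    case kind
    when :template then [viewer] + viewer.ancestors
    when :vm       then [viewer] + descendants(viewer)
    else []        # unknown kind: deny by default
    end
  end

  # Search over both kinds at once: the rule is selected per record.
  def accessible(records, viewer)
    records.select { |r| visible_tenants(viewer, r.kind).include?(r.tenant) }
  end
end

ROOT  = Tenant.new(1, nil)
MID   = Tenant.new(2, ROOT)
LEAF  = Tenant.new(3, MID)
OTHER = Tenant.new(4, ROOT) # sibling of MID
SCOPE = TenantScope.new([ROOT, MID, LEAF, OTHER])

# One template and one VM owned by each tenant (constructed sample data).
RECORDS = { "root" => ROOT, "mid" => MID, "leaf" => LEAF, "other" => OTHER }.flat_map do |n, t|
  [Record.new("tmpl-#{n}", :template, t), Record.new("vm-#{n}", :vm, t)]
end

def visible_names(viewer)
  SCOPE.accessible(RECORDS, viewer).map(&:name).sort
end
```

In this sketch a sibling tenant's templates and VMs never appear in another tenant's results; only the shared ancestor's templates do.
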
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/8dcfafc93fe5584fbe3e0359656e0b2550259af4

commit 8dcfafc93fe5584fbe3e0359656e0b2550259af4
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Mon Jan 4 21:39:44 2016 -0500
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Mon Jan 4 21:39:44 2016 -0500

    Tenancy scoping for vms and templates

    - Use let instead of instance vars.
    - Use ! on update_attributes per PR suggestion.

    https://bugzilla.redhat.com/show_bug.cgi?id=1292285

 spec/models/rbac_spec.rb | 52 ++++++++++++++++++++++-------------------------
 1 file changed, 24 insertions(+), 28 deletions(-)

New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=5687a9ef1620571af34be510df70bb51a602ead7

commit 5687a9ef1620571af34be510df70bb51a602ead7
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Thu Dec 17 17:51:22 2015 -0500
Commit:     Gregg Tanzillo <gtanzill>
CommitDate: Tue Jan 5 17:54:12 2016 -0500

    Tenancy scoping for vms and templates

    - Added logic to handle different scoping rules for vm and templates where both classes derive from the same base model, VmOrTemplate, and share the same table, vms.
    - Templates owned by the current tenant and all parent tenants (ancestors) should be accessible current tenant.
    - Vms owned by the current tenant and all child tenants (descendants) should be accessible from the current tenant.
    - There are places in the app that require RBAC searching on both classes at the same time, making this change necessary.

    https://bugzilla.redhat.com/show_bug.cgi?id=1292285

 app/models/mixins/tenancy_mixin.rb |  7 +++++
 app/models/rbac.rb                 |  7 ++---
 app/models/vm_or_template.rb       |  8 ++++++
 spec/models/rbac_spec.rb           | 56 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 4 deletions(-)

New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=bca1ebf9f39f76f0e3c952fa3b1d997143273c28

commit bca1ebf9f39f76f0e3c952fa3b1d997143273c28
Merge: ed55df7 5687a9e
Author:     Dan Clarizio <dclarizi>
AuthorDate: Wed Jan 6 11:41:08 2016 -0500
Commit:     Dan Clarizio <dclarizi>
CommitDate: Wed Jan 6 11:41:08 2016 -0500

    Merge branch 'bz-1292285-tenant-accessibility-ds' into '5.5.z'

    Tenancy scoping for vms and templates

    - Added logic to handle different scoping rules for vm and templates where both classes derive from the same base model, VmOrTemplate, and share the same table, vms.
    - Templates owned by the current tenant and all parent tenants (ancestors) should be accessible current tenant.
    - Vms owned by the current tenant and all child tenants (descendants) should be accessible from the current tenant.
    - There are places in the app that require RBAC searching on both classes at the same time, making this change necessary.

    https://bugzilla.redhat.com/show_bug.cgi?id=1292285

    5.5.2 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1293373

    This was a clean cherry-pick from https://github.com/ManageIQ/manageiq/pull/5898 - I didn't pull the second commit because it was mainly for test compatibility with other changes made to master.

    See merge request !676

 app/models/mixins/tenancy_mixin.rb |  7 +++++
 app/models/rbac.rb                 |  7 ++---
 app/models/vm_or_template.rb       |  8 ++++++
 spec/models/rbac_spec.rb           | 56 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 74 insertions(+), 4 deletions(-)

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348