Bug 1301714 - Cannot not approve VM provision requests in the UI
Cannot not approve VM provision requests in the UI
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
5.5.0
All All
high Severity high
: GA
: 5.5.2
Assigned To: Keenan Brock
Pete Savage
: ZStream
Depends On: 1301631
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-25 13:58 EST by Chris Pelland
Modified: 2016-02-10 10:36 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1301631
Environment:
Last Closed: 2016-02-10 10:36:11 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 John Prause 2016-01-27 10:13:18 EST
Here are the details of the MR for the 5.5.2.3 build:

New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=35fd2d3d6403493a8411c7250944007a6586ab9b

commit 35fd2d3d6403493a8411c7250944007a6586ab9b
Author:     Keenan Brock <kbrock@redhat.com>
AuthorDate: Tue Jan 26 11:09:31 2016 -0500
Commit:     Greg McCullough <gmccullo@redhat.com>
CommitDate: Tue Jan 26 18:29:49 2016 -0500

    FIX: Approve Vm provisioning in UI
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1301631
    
    The workflow requester is set to the current_user.
    The group context for the request was then being set in the the
    current_user, corrupting it.
    
    Changes:
    
    1. MiqRequestWorkflow#requester = MiqRequest#requester
    so the correct dialogs will be displayed.
    2. Requester is cloned before setting the group as a precaution.
    
    This assumes the viewer and administrator can see the resources that
    the requester has access to view as well.

 app/controllers/application_controller/miq_request_methods.rb | 2 +-
 app/models/miq_request_workflow.rb                            | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
Comment 3 Pete Savage 2016-02-05 06:47:37 EST
What is the correct way to create a role without approve rights?
Comment 4 Keenan Brock 2016-02-05 15:11:16 EST
Pete,

I think a self service user does not have approval rights.

The bug is when an admin (with privs and many groups) views a request,
the admin is moved into the group of the user who created the request.

So privileges go away, since the buttons are based upon the user's group in the view.

Kevin Morey created the ticket and may be able to help you reproduce.
Comment 5 Dave Johnson 2016-02-08 22:35:54 EST
Using admin user, I created a provision request for 3 vms, which does not get automatic approval because gt 1, then I was able to approve it.  Also tried deny without issue.  Good to go.
Comment 6 errata-xmlrpc 2016-02-10 10:36:11 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0159

Note You need to log in before you can comment on or make changes to this bug.