Bug 1312916 - Some pages return "undefined method `profile=' for nil:NilClass" as non-admin user
Some pages return "undefined method `profile=' for nil:NilClass" as non-admin...
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning Templates (Show other bugs)
6.2.0
Unspecified Unspecified
unspecified Severity high (vote)
: Beta
: --
Assigned To: Justin Sherrill
Chris Duryee
http://projects.theforeman.org/issues...
: Triaged
Depends On:
Blocks: 1255515
  Show dependency treegraph
 
Reported: 2016-02-29 09:12 EST by Justin Sherrill
Modified: 2016-07-27 05:02 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-27 05:02:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 13545 None None None 2016-04-22 11:35 EDT
Red Hat Product Errata RHBA-2016:1500 normal SHIPPED_LIVE Red Hat Satellite 6.2 Base Libraries 2016-07-27 08:24:38 EDT

  None (edit)
Description Justin Sherrill 2016-02-29 09:12:50 EST
Description of problem:

Some pages and api endpoints throw an error on master 


Version-Release number of selected component (if applicable):
6.2.0 (Snap1)

How reproducible:
always

Steps to Reproduce:

1. Create a role with a two filters * unlimited 'view_hosts' * 'view_statistics' under '(Miscellaneous)'
2. Create a user with that role
3. * As that user try to fetch: /api/v2/statistics
   * Try to view applicable errata as that user
   * Try to view installed packages as that user


Expected results:

ISE with:

 | NoMethodError: undefined method `profile=' for nil:NilClass
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:38:in `initialize'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:22:in `new'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:22:in `build_query'
 | /usr/share/foreman/app/services/authorizer.rb:85:in `build_filtered_scope_components'
 | /usr/share/foreman/app/services/authorizer.rb:49:in `find_collection'
 | /usr/share/foreman/app/models/concerns/authorizable.rb:21:in `block (2 levels) in <module:Authorizable>'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `call'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `block (2 levels) in scope'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/default.rb:41:in `block in unscoped'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/relation.rb:241:in `block in scoping'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping.rb:98:in `with_scope'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/relation.rb:241:in `scoping'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/default.rb:41:in `unscoped'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `block in scope'
 | /usr/share/foreman/app/models/concerns/authorizable.rb:66:in `authorized'
 | /usr/share/foreman/app/models/host.rb:15:in `method_missing'



Additional info:
Comment 1 Justin Sherrill 2016-02-29 09:13:28 EST
Connecting redmine issue http://projects.theforeman.org/issues/13545 from this bug
Comment 2 Justin Sherrill 2016-02-29 09:19:11 EST
Two small caveats, in the UI in order to do:

   * fetch: /api/v2/statistics
The user also needs 'view_statistics' under '(miscellaneous)'

in order to:

   * Try to view applicable errata as that user
   * Try to view installed packages as that user

the user also needs:  view_lifecycle_environments, view_content_views, view_organizations, view_products
Comment 3 Bryan Kearney 2016-02-29 10:10:41 EST
Upstream bug component is Provisioning Templates
Comment 5 Chris Duryee 2016-03-24 13:29:01 EDT
How I verified:

* create role with filters mentioned in #0 and #2, add user to role
* register satellite to itself w/ sub-man, install katello-agent

statistics API is viewable (used curl with newly created user), package list for host is viewable, errata page for host is viewable. No stacks in production.log.
Comment 8 errata-xmlrpc 2016-07-27 05:02:53 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1500

Note You need to log in before you can comment on or make changes to this bug.