Bug 1312916 - Some pages return "undefined method `profile=' for nil:NilClass" as non-admin user
Summary: Some pages return "undefined method `profile=' for nil:NilClass" as non-admin...
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning Templates
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
high vote
Target Milestone: Unspecified
Assignee: Justin Sherrill
QA Contact: Chris Duryee
URL: http://projects.theforeman.org/issues...
Depends On:
Blocks: 1255515
TreeView+ depends on / blocked
Reported: 2016-02-29 14:12 UTC by Justin Sherrill
Modified: 2019-09-25 20:40 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-07-27 09:02:53 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Foreman Issue Tracker 13545 None None None 2016-04-22 15:35:50 UTC
Red Hat Product Errata RHBA-2016:1500 normal SHIPPED_LIVE Red Hat Satellite 6.2 Base Libraries 2016-07-27 12:24:38 UTC

Description Justin Sherrill 2016-02-29 14:12:50 UTC
Description of problem:

Some pages and api endpoints throw an error on master 

Version-Release number of selected component (if applicable):
6.2.0 (Snap1)

How reproducible:

Steps to Reproduce:

1. Create a role with a two filters * unlimited 'view_hosts' * 'view_statistics' under '(Miscellaneous)'
2. Create a user with that role
3. * As that user try to fetch: /api/v2/statistics
   * Try to view applicable errata as that user
   * Try to view installed packages as that user

Expected results:

ISE with:

 | NoMethodError: undefined method `profile=' for nil:NilClass
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:38:in `initialize'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:22:in `new'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/scoped_search-3.2.2/lib/scoped_search/query_builder.rb:22:in `build_query'
 | /usr/share/foreman/app/services/authorizer.rb:85:in `build_filtered_scope_components'
 | /usr/share/foreman/app/services/authorizer.rb:49:in `find_collection'
 | /usr/share/foreman/app/models/concerns/authorizable.rb:21:in `block (2 levels) in <module:Authorizable>'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `call'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `block (2 levels) in scope'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/default.rb:41:in `block in unscoped'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/relation.rb:241:in `block in scoping'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping.rb:98:in `with_scope'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/relation.rb:241:in `scoping'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/default.rb:41:in `unscoped'
 | /opt/rh/ruby193/root/usr/share/gems/gems/activerecord-3.2.8/lib/active_record/scoping/named.rb:180:in `block in scope'
 | /usr/share/foreman/app/models/concerns/authorizable.rb:66:in `authorized'
 | /usr/share/foreman/app/models/host.rb:15:in `method_missing'

Additional info:

Comment 1 Justin Sherrill 2016-02-29 14:13:28 UTC
Connecting redmine issue http://projects.theforeman.org/issues/13545 from this bug

Comment 2 Justin Sherrill 2016-02-29 14:19:11 UTC
Two small caveats, in the UI in order to do:

   * fetch: /api/v2/statistics
The user also needs 'view_statistics' under '(miscellaneous)'

in order to:

   * Try to view applicable errata as that user
   * Try to view installed packages as that user

the user also needs:  view_lifecycle_environments, view_content_views, view_organizations, view_products

Comment 3 Bryan Kearney 2016-02-29 15:10:41 UTC
Upstream bug component is Provisioning Templates

Comment 5 Chris Duryee 2016-03-24 17:29:01 UTC
How I verified:

* create role with filters mentioned in #0 and #2, add user to role
* register satellite to itself w/ sub-man, install katello-agent

statistics API is viewable (used curl with newly created user), package list for host is viewable, errata page for host is viewable. No stacks in production.log.

Comment 8 errata-xmlrpc 2016-07-27 09:02:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.