Bug 1315580 - Unable to modify user roles if administrator has more than 5 locations assigned
Unable to modify user roles if administrator has more than 5 locations assigned
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles (Show other bugs)
6.1.7
All Linux
unspecified Severity medium (vote)
: GA
: --
Assigned To: Dominik Hlavac Duran
Jitendra Yejare
: Reopened, Triaged
Depends On:
Blocks: 1373844 1327373
  Show dependency treegraph
 
Reported: 2016-03-08 01:33 EST by dgupte
Modified: 2018-02-21 11:33 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1327373 (view as bug list)
Environment:
Last Closed: 2018-02-21 11:33:14 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
[Failed QA] Screenshot Attached (93.97 KB, image/png)
2016-04-18 09:49 EDT, Jitendra Yejare
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 13515 None None None 2016-03-10 06:00 EST
Foreman Issue Tracker 14101 None None None 2016-08-22 10:22 EDT

  None (edit)
Description dgupte 2016-03-08 01:33:52 EST
Description of problem:

If an admin user has 6 or more locations selected in thier profile, they are unable to add/modify filters within roles. Foreman throws an exception:

Foreman::Exception
ERF42-5434 [Foreman::Exception]: unknown permission view_[#<location id: 2, name: "default location", type: "location", created_at: "2015_12_06 06:42:47", updated_at: "2015_12_07 10:53:59", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "default location", katello_default: true>, #<location id: 3, name: "location 2", type: "location", created_at: "2016_03_07 09:07:48", updated_at: "2016_03_07 09:07:48", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 2", katello_default: false>, #<location id: 4, name: "location 3", type: "location", created_at: "2016_03_07 09:07:57", updated_at: "2016_03_07 09:07:57", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 3", katello_default: false>, #<location id: 5, name: "location 4", type: "location", created_at: "2016_03_07 09:08:06", updated_at: "2016_03_07 09:08:06", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 4", katello_default: false>, #<location id: 6, name: "location 5", type: "location", created_at: "2016_03_07 09:08:18", updated_at: "2016_03_07 09:08:18", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 5", katello_default: false>, #<location id: 7, name: "location 6", type: "location", created_at: "2016_03_07 09:08:27", updated_at: "2016_03_07 09:08:27", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 6", katello_default: false>]s
app/services/association_authorizer.rb:22:in `permission_name'
app/services/association_authorizer.rb:9:in `authorized_associations'
app/helpers/layout_helper.rb:88:in `multiple_selects'
app/helpers/layout_helper.rb:77:in `multiple_checkboxes'
app/views/filters/_form.html.erb:59:in `block in _app_views_filters__form_html_erb__871466624565032905_124111020'
app/helpers/layout_helper.rb:270:in `form_for'
app/views/filters/_form.html.erb:3:in `_app_views_filters__form_html_erb__871466624565032905_124111020'
app/views/filters/new.html.erb:3:in `_app_views_filters_new_html_erb__2340989174377580389_124043560'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'

Version-Release number of selected component (if applicable):
Satellite 6.1.7

How reproducible:
Always

Steps to Reproduce:

1. Define multiple locations within Satellite (Administer -> Locations)
2. Have a test admin user configured with 6 or more locations selected (Administer -> Users -> {user} -> Locations)
3. Login as the test admin user, navigate to Administer -> Roles
4. Create a new role, or select an existing role, select the Filters tab and click New Filter

Actual results:
It throws error "Oops, we're sorry but something went wrong" with trackback "ERF42-5434 [Foreman::Exception]: unknown permission view_"

Expected result -
New filter dialog is presented allowing user to add various permission sets to the role
Comment 1 Kenny Tordeurs 2016-03-10 05:10:47 EST
This issue can be resolved by applying the following workaround from upstream http://projects.theforeman.org/issues/13515

/usr/share/foreman/app/services/association_authorizer.rb

~~~
def self.permission_name(klass, permission, should_raise_exception)
+    klass = klass.first if klass.is_a?(Array)
+   klass = klass.class unless klass.is_a?(Class)
    suffix = klass.respond_to?(:permission_name) ? klass.permission_name : klass.to_s.underscore.pluralize
    permission = "#{permission}_#{suffix}" 
    if Permission.where(:name => permission).present?
      permission
    elsif should_raise_exception
      raise Foreman::Exception.new(N_('unknown permission %s'), permission)
    else
      false
    end
  end
~~~
Comment 7 Jitendra Yejare 2016-04-18 09:49 EDT
Created attachment 1148220 [details]
[Failed QA] Screenshot Attached
Comment 8 Jitendra Yejare 2016-04-18 09:49:46 EDT
Attempt to Verify this issue in Sat 6.2 snap 8.2 

The issue is still reproducible. The error on attempt to create a filter is thrown as 'Oops, we're sorry but something went wrong ERF42-5434 [Foreman::Exception]: unknown permission view_taxonomies'.

Moving it to Failed QA. Screenshot Attached.
Comment 10 Bryan Kearney 2016-04-27 15:17:49 EDT
Upstream bug assigned to tcaspy@redhat.com
Comment 14 errata-xmlrpc 2016-07-27 05:05:00 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1500
Comment 17 Jitendra Yejare 2017-02-22 04:24:21 EST
Verified !

@ Satellite 6.2.7

Tested this issue on Satellite 6.2.7, and confirming that this is fixed in 6.2.

Test Steps:

1. Created multiple locations within Satellite
2. Created a TestAdmin user configured with 6 or more locations selected
3. Logged in satellite as the TestAdmin user
4. Selected an existing role(also tried by creating new role), and attempted to create a New Filter.

Result:

As expected, the Filter is created without any error message.


Note:
Just need to test on 6.3 before changing the status to Verified.
Comment 18 Oleksandr Shtaier 2017-06-21 18:46:38 EDT
Verified both for 6.2.10 and 6.3 by automation scripts. Filter is created successfully
Comment 19 Bryan Kearney 2018-02-21 11:33:14 EST
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.