Bug 1315580 - Unable to modify user roles if administrator has more than 5 locations assigned
Summary: Unable to modify user roles if administrator has more than 5 locations assigned
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.1.7
Hardware: All
OS: Linux
unspecified
medium vote
Target Milestone: Unspecified
Assignee: Dominik Hlavac Duran
QA Contact: Jitendra Yejare
URL:
Whiteboard:
Depends On:
Blocks: 1327373 1373844
TreeView+ depends on / blocked
 
Reported: 2016-03-08 06:33 UTC by dgupte
Modified: 2019-11-14 07:33 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1327373 (view as bug list)
Environment:
Last Closed: 2018-02-21 16:33:14 UTC
Target Upstream Version:


Attachments (Terms of Use)
[Failed QA] Screenshot Attached (93.97 KB, image/png)
2016-04-18 13:49 UTC, Jitendra Yejare
no flags Details


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 13515 None None None 2016-03-10 11:00:43 UTC
Foreman Issue Tracker 14101 None None None 2016-08-22 14:22:08 UTC
Red Hat Product Errata RHBA-2016:1500 normal SHIPPED_LIVE Red Hat Satellite 6.2 Base Libraries 2016-07-27 12:24:38 UTC

Description dgupte 2016-03-08 06:33:52 UTC
Description of problem:

If an admin user has 6 or more locations selected in thier profile, they are unable to add/modify filters within roles. Foreman throws an exception:

Foreman::Exception
ERF42-5434 [Foreman::Exception]: unknown permission view_[#<location id: 2, name: "default location", type: "location", created_at: "2015_12_06 06:42:47", updated_at: "2015_12_07 10:53:59", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "default location", katello_default: true>, #<location id: 3, name: "location 2", type: "location", created_at: "2016_03_07 09:07:48", updated_at: "2016_03_07 09:07:48", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 2", katello_default: false>, #<location id: 4, name: "location 3", type: "location", created_at: "2016_03_07 09:07:57", updated_at: "2016_03_07 09:07:57", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 3", katello_default: false>, #<location id: 5, name: "location 4", type: "location", created_at: "2016_03_07 09:08:06", updated_at: "2016_03_07 09:08:06", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 4", katello_default: false>, #<location id: 6, name: "location 5", type: "location", created_at: "2016_03_07 09:08:18", updated_at: "2016_03_07 09:08:18", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 5", katello_default: false>, #<location id: 7, name: "location 6", type: "location", created_at: "2016_03_07 09:08:27", updated_at: "2016_03_07 09:08:27", ignore_types: ["config_template", "hostgroup"], description: "", label: nil, apply_info_task_id: nil, ancestry: nil, title: "location 6", katello_default: false>]s
app/services/association_authorizer.rb:22:in `permission_name'
app/services/association_authorizer.rb:9:in `authorized_associations'
app/helpers/layout_helper.rb:88:in `multiple_selects'
app/helpers/layout_helper.rb:77:in `multiple_checkboxes'
app/views/filters/_form.html.erb:59:in `block in _app_views_filters__form_html_erb__871466624565032905_124111020'
app/helpers/layout_helper.rb:270:in `form_for'
app/views/filters/_form.html.erb:3:in `_app_views_filters__form_html_erb__871466624565032905_124111020'
app/views/filters/new.html.erb:3:in `_app_views_filters_new_html_erb__2340989174377580389_124043560'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'

Version-Release number of selected component (if applicable):
Satellite 6.1.7

How reproducible:
Always

Steps to Reproduce:

1. Define multiple locations within Satellite (Administer -> Locations)
2. Have a test admin user configured with 6 or more locations selected (Administer -> Users -> {user} -> Locations)
3. Login as the test admin user, navigate to Administer -> Roles
4. Create a new role, or select an existing role, select the Filters tab and click New Filter

Actual results:
It throws error "Oops, we're sorry but something went wrong" with trackback "ERF42-5434 [Foreman::Exception]: unknown permission view_"

Expected result -
New filter dialog is presented allowing user to add various permission sets to the role

Comment 1 Kenny Tordeurs 2016-03-10 10:10:47 UTC
This issue can be resolved by applying the following workaround from upstream http://projects.theforeman.org/issues/13515

/usr/share/foreman/app/services/association_authorizer.rb

~~~
def self.permission_name(klass, permission, should_raise_exception)
+    klass = klass.first if klass.is_a?(Array)
+   klass = klass.class unless klass.is_a?(Class)
    suffix = klass.respond_to?(:permission_name) ? klass.permission_name : klass.to_s.underscore.pluralize
    permission = "#{permission}_#{suffix}" 
    if Permission.where(:name => permission).present?
      permission
    elsif should_raise_exception
      raise Foreman::Exception.new(N_('unknown permission %s'), permission)
    else
      false
    end
  end
~~~

Comment 7 Jitendra Yejare 2016-04-18 13:49:29 UTC
Created attachment 1148220 [details]
[Failed QA] Screenshot Attached

Comment 8 Jitendra Yejare 2016-04-18 13:49:46 UTC
Attempt to Verify this issue in Sat 6.2 snap 8.2 

The issue is still reproducible. The error on attempt to create a filter is thrown as 'Oops, we're sorry but something went wrong ERF42-5434 [Foreman::Exception]: unknown permission view_taxonomies'.

Moving it to Failed QA. Screenshot Attached.

Comment 10 Bryan Kearney 2016-04-27 19:17:49 UTC
Upstream bug assigned to tcaspy@redhat.com

Comment 14 errata-xmlrpc 2016-07-27 09:05:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1500

Comment 17 Jitendra Yejare 2017-02-22 09:24:21 UTC
Verified !

@ Satellite 6.2.7

Tested this issue on Satellite 6.2.7, and confirming that this is fixed in 6.2.

Test Steps:

1. Created multiple locations within Satellite
2. Created a TestAdmin user configured with 6 or more locations selected
3. Logged in satellite as the TestAdmin user
4. Selected an existing role(also tried by creating new role), and attempted to create a New Filter.

Result:

As expected, the Filter is created without any error message.


Note:
Just need to test on 6.3 before changing the status to Verified.

Comment 18 Oleksandr Shtaier 2017-06-21 22:46:38 UTC
Verified both for 6.2.10 and 6.3 by automation scripts. Filter is created successfully

Comment 19 Bryan Kearney 2018-02-21 16:33:14 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.