1389251 – User is not able to edit her profile - Connect Automatically and SSH Public Key options

Bug 1389251 - User is not able to edit her profile - Connect Automatically and SSH Public Key options

Summary: User is not able to edit her profile - Connect Automatically and SSH Public K...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	AAA
Sub Component:
Version:	4.0.5.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-4.0.6
Target Release:	4.0.6
Assignee:	Ravi Nori
QA Contact:	Jiri Belka
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1389211 1391097 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-27 09:39 UTC by Jiri Belka
Modified:	2017-01-18 07:28 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-01-18 07:28:55 UTC
oVirt Team:	Infra
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.0.z+ rule-engine: blocker+ mgoldboi: planning_ack+ oourfali: devel_ack+ pstehlik: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	65850	master	MERGED	engine : User is not able to edit profile	2020-06-25 21:32:15 UTC
oVirt gerrit	65947	master	MERGED	aaa: Update user info after login	2020-06-25 21:32:15 UTC
oVirt gerrit	66082	ovirt-engine-4.0	MERGED	engine : User is not able to edit profile	2020-06-25 21:32:15 UTC

Description Jiri Belka 2016-10-27 09:39:39 UTC

Description of problem:

User is not able to edit her profile - Connect Automatically and SSH Public Key options, this is little bit annoying.

It seems UserProfileEditor should be assinged to Everyone but this is not the case.

~~~
Operation Canceled
Error while executing action: User is not authorized to perform this action.
~~~

~~~
2016-10-27 09:29:36,705 DEBUG [org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl] (default task-13) [] Action type 'AddUserProfile', Parameters 'UserProfileParameters:{commandId='null', user='null', commandType='Unknown'}'
2016-10-27 09:29:36,705 DEBUG [org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl] (default task-13) [] IP '10.34.130.200', Session ID 'cmuQB0i_Z4AC9irKP6p8qa5LycsfmxCoy9Y4jAJB'
2016-10-27 09:29:36,707 DEBUG [org.ovirt.engine.core.bll.Backend] (default task-13) [] Executing command AddUserProfile for user user2.com.com.
2016-10-27 09:29:36,710 DEBUG [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] Checking whether user 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f' or one of the groups he is member of, have the following permissions:  ID: e1cab3b7-04dd-41c6-86e3-6815580bbe6f Type: SystemAction group EDIT_PROFILE with role type USER
2016-10-27 09:29:36,713 DEBUG [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] No permission found for user when running action 'AddUserProfile', on object 'System' for action group 'EDIT_PROFILE' with id 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f'.
2016-10-27 09:29:36,713 INFO  [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] No permission found for user 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f' or one of the groups he is member of, when running action 'AddUserProfile', Required permissions are: Action type: 'USER' Action group: 'EDIT_PROFILE' Object type: 'System'  Object ID: 'e1cab3b7-04dd-41c6-86e3-6815580bbe6f'.
2016-10-27 09:29:36,713 WARN  [org.ovirt.engine.core.bll.AddUserProfileCommand] (default task-13) [6203a4ba] Validation of action 'AddUserProfile' failed for user user2.com.com. Reasons: VAR__ACTION__ADD,VAR__TYPE__USER_PROFILE,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
~~~

~~~
engine=# select * from permissions_view  where owner_name = 'Everyone' and role_name like '%Profile%';
                  id                  |               role_id                |            ad_element_id             |              object_id               | object_type_id |     role_name      | role_type | allow
s_viewing_children | app_mode | object_name | owner_name | namespace | authz | creation_date 
--------------------------------------+--------------------------------------+--------------------------------------+--------------------------------------+----------------+--------------------+-----------+------
-------------------+----------+-------------+------------+-----------+-------+---------------
 0000000b-000b-000b-000b-0000000001d5 | def0000a-0000-0000-0000-def000000010 | eee00000-0000-0000-0000-123456789eee | 0000000a-000a-000a-000a-000000000398 |             27 | VnicProfileUser    |         2 | f    
                   |        1 | ovirtmgmt   | Everyone   | *         |       |    1464176821
 00000019-0019-0019-0019-0000000001e7 | def00017-0000-0000-0000-def000000017 | eee00000-0000-0000-0000-123456789eee | 0000000e-000e-000e-000e-0000000003a7 |             30 | CpuProfileOperator |         2 | f    
                   |        1 | Default     | Everyone   | *         |       |    1464176833
 b07036d5-19ad-41fc-9adc-b3d93658d9ed | def00020-0000-0000-0000-abc000000010 | eee00000-0000-0000-0000-123456789eee | 71a670d1-cc8a-4409-b432-b0cfebc7b279 |             29 | DiskProfileUser    |         2 | f    
                   |        1 | jb-rhevm40  | Everyone   | *         |       |    1464188434
 f5cbc0aa-69d2-480f-be87-f519f474f1b8 | def00020-0000-0000-0000-abc000000010 | eee00000-0000-0000-0000-123456789eee | 19c7437d-f6a7-4bea-8e82-c2325cd43ab3 |             29 | DiskProfileUser    |         2 | f    
                   |        1 |             | Everyone   | *         |       |    1470141808
 e3e3bc1e-2e67-4fbb-ae0c-e793cf228e88 | def00017-0000-0000-0000-def000000017 | eee00000-0000-0000-0000-123456789eee | 03d9f80a-9fcb-4248-9691-d551e7756c29 |             30 | CpuProfileOperator |         2 | f    
                   |        1 | test        | Everyone   | *         |       |    1477293622
(5 rows)
~~~

Version-Release number of selected component (if applicable):
4.0.5-3

How reproducible:
100%

Steps to Reproduce:
1. login to User Portal and change option not to automatically connect to console
2.
3.

Actual results:
not possible, auth error

Expected results:
should work

Additional info:

Comment 1 Jiri Belka 2016-10-27 09:42:56 UTC

putting Regression keyword as enabling/disabling auto-connect feature used to work in previous versions.

Comment 2 Ravi Nori 2016-10-30 04:06:03 UTC

*** Bug 1389211 has been marked as a duplicate of this bug. ***

Comment 3 Red Hat Bugzilla Rules Engine 2016-10-30 14:24:57 UTC

This bug report has Keywords: Regression or TestBlocker.
Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.

Comment 4 Ravi Nori 2016-11-03 15:12:36 UTC

*** Bug 1390844 has been marked as a duplicate of this bug. ***

Comment 5 Ravi Nori 2016-11-03 15:15:01 UTC

*** Bug 1391097 has been marked as a duplicate of this bug. ***

Comment 6 Ravi Nori 2016-11-03 15:17:31 UTC

I checked the system in question and looks like the System permission UserProfileEditor for Everyone was removed.

This can be fixed by adding the System permission for admin and then updating the permissions table

 update permissions set ad_element_id = 'eee00000-0000-0000-0000-123456789eee' 
 where role_id in (select roles.id from roles where roles.name = 'UserProfileEditor');

Comment 7 Ravi Nori 2016-11-03 15:47:38 UTC

Or you can directly insert the permissions

SELECT insertpermission(
    'eee00000-0000-0000-0000-123456789eee',
    '56ab2888-a1dc-11e6-82ab-104a7da11e4a',
    'def00021-0000-0000-0000-def000000015',
    'aaa00000-0000-0000-0000-123456789aaa',
    1
);

Comment 8 Jiri Belka 2016-12-05 14:51:42 UTC

ok, with an IPA user just with UserRole on a cluster.

ovirt-engine-backend-4.0.6.1-0.1.el7ev.noarch

engine=# select login_name,ssh_public_key from user_profiles_view ;
-[ RECORD 1 ]--+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
login_name     | user1.com
ssh_public_key | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7deq1vJOnb+/Ee1hL2+z+D6UbiI+Ww8sAoMl62PSJfKa7xgYG+B3pArtoa7lc9krs9hKQ+L7gh65ekaXNRCY+CrCWgrT8+rnPGFubbxiVzYS2z+koA+nZ/1RTu7GPFupsQUutQniG4X3kurUlLQldhm9wsoA8Fyc2Se//Fr0uqJw4LrLraGRS4cLaAh1dIv78/ymZyWj4V7xB5B9/Fq9J3+SA/UR1px3TKM9/V5SyzbJJ9d5I/2PjYv8AAtmzqA87PwNtfMGFEtM3ze1MlaQnzsYAOg84TM9UYieiUeVdpfnM7hIhHiqSTTNTaN0mtsGAA2g2lf+kccft6CeichAb

Note You need to log in before you can comment on or make changes to this bug.