1390833 – User with 'Admin User' role can not change their their location and organization in Satellite 6.2

Bug 1390833 - User with 'Admin User' role can not change their their location and organization in Satellite 6.2

Summary: User with 'Admin User' role can not change their their location and organizat...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Users & Roles
Sub Component:
Version:	6.2.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium vote
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Dominik Hlavac Duran
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-02 03:53 UTC by Ashfaqur Rahaman
Modified:	2021-06-10 11:38 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 16:44:25 UTC
Target Upstream Version:

Attachments	(Terms of Use)
potential patch (433 bytes, patch) 2016-11-23 10:08 UTC, Marek Hulan	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1428545	0	medium	CLOSED	If you're an admin of a sub org and you try modifying the orgs you have access to, it will incorrectly say successful	2021-06-10 11:59:51 UTC

Internal Links: 1428545

Description Ashfaqur Rahaman 2016-11-02 03:53:07 UTC

Description of problem:

'Administrator' role on an individual user and being apart of a group that has the 'Admin' role do not result in the same experience.

Version-Release number of selected component (if applicable):


How reproducible:
100% 

Steps to Reproduce:
1. Create a user tuser1,tuser2
2. Go to user group and create a group tgroup 
3. open tgroup properties and select tuser1,tuser2 and tick "Admin User"
4. Submit
5. Go to Administrator > User. notice that tuser1 and tuser2 will shown as "Administrator" ticked.  
6. login as tuser1 or tuser2, try to change "Location" or "Orgnaization"


Actual results:
- Organization or location will not change when the user is a member of "Admin user" group. 

Expected results:
- Successfully change the organization and location

Additional info:

However, if the user has been grant "Administrator" privileged individually, he will be able to change the group.

Comment 2 Ashfaqur Rahaman 2016-11-05 00:15:15 UTC

Another symptom of the issue : 

When we run "remote execution jobs" with users from 'Admin' group on nodes outside of the org/location they belong to, it will fail. However, it works fine for 'Administrator' users no matter what is the org/location setting.

Comment 3 Marek Hulan 2016-11-23 09:53:49 UTC

I can't reproduce with Satellite 6.2.4 but I can see there is a slightly different behavior for admins with permission granted by user group. Ashfaqur, could you provide a reproducing environment please? The remote execution issue is reported as BZ 1397185 already.

Comment 4 Marek Hulan 2016-11-23 10:08:10 UTC

Created attachment 1223119 [details]
potential patch

Comment 5 Marek Hulan 2016-11-23 10:09:07 UTC

This might be the issue tracked as http://projects.theforeman.org/issues/17458, could you please check whether the attached patch helps? You need to restart httpd after applying it.

Comment 6 Ashfaqur Rahaman 2016-12-05 02:33:59 UTC

Hello Marek, 

I tried the patch. It looks it went through:

---
# patch -p1 < /tmp/taxonomix.patch 
patching file app/models/concerns/taxonomix.rb
Hunk #1 succeeded at 108 with fuzz 2 (offset -1 lines).
---

But unfortunately the issue is still there. Here is what I did 

(satellite version : 6.2.4)

// Create user and group :

1. Login as admin 
2. Go to Administrator > Users > 
3. Create user "tuser1" , set password. Have not select any roles. 
3. Submit 
4. Create user group "tusergroup" and select "tuser1" as member , in the role tab, select "Admin" and add all the roles 
5. Submit 

// Verify : 
6. check the "Users" tab and see the "tuser1" is showing in the table with "Administrator" column ticked

// Test: 

7. logout from "Admin" user 
8. Log in as "tuser1" 
9. Go to Administrator > Users > 
10. Select User "tuser1" 
11. Go to "Location" tab and change the location . (unselect existing one or select new one or any change ) or change Orgnaization
12. Submit 
13. Repeat step 9,10 and check if the "Location"/"Orgnaization" has changed or not. 

// Output: 

Expected output : it should changed 
Actual output: it does not change. 


foreman tail when I try to change location :

----
==> /var/log/foreman/production.log <==
2016-12-05 13:10:28 [app] [I] Started PATCH "/users/4-tuser1" for 10.64.0.208 at 2016-12-05 13:10:28 +1100
2016-12-05 13:10:28 [app] [I] Processing by UsersController#update as */*
2016-12-05 13:10:28 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"KhZknQhcwvT6Yd0wBw/taudkyErlzVC9wMX+/5cn3jQ=", "user"=>{"login"=>"tuser1", "firstname"=>"t1first", "lastname"=>"t1surname", "mail"=>"t1", "locale"=>"", "timezone"=>"", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "mail_enabled"=>"0", "user_mail_notifications_attributes"=>{"0"=>{"mail_notification_id"=>"7", "interval"=>"", "mail_query"=>""}, "1"=>{"mail_notification_id"=>"8", "interval"=>""}, "2"=>{"mail_notification_id"=>"1", "interval"=>""}, "3"=>{"mail_notification_id"=>"10", "interval"=>""}, "4"=>{"mail_notification_id"=>"3", "interval"=>""}, "5"=>{"mail_notification_id"=>"5", "interval"=>""}, "6"=>{"mail_notification_id"=>"4", "interval"=>""}, "7"=>{"mail_notification_id"=>"2", "interval"=>""}}, "admin"=>"0", "role_ids"=>["14"], "location_ids"=>[""], "default_location_id"=>"", "organization_ids"=>["", "1"], "default_organization_id"=>""}, "id"=>"4-tuser1"}
2016-12-05 13:10:28 [app] [I] Expire fragment views/tabs_and_title_records-4 (0.5ms)
2016-12-05 13:10:28 [app] [I] Redirected to https://10.64.8.255/users
2016-12-05 13:10:28 [app] [I] Completed 302 Found in 32ms (ActiveRecord: 4.5ms)
2016-12-05 13:10:28 [app] [I] Started GET "/users" for 10.64.0.208 at 2016-12-05 13:10:28 +1100
2016-12-05 13:10:28 [app] [I] Processing by UsersController#index as */*
2016-12-05 13:10:28 [app] [I]   Rendered users/index.html.erb within layouts/application (17.4ms)
2016-12-05 13:10:28 [app] [I]   Rendered common/_searchbar.html.erb (3.6ms)
2016-12-05 13:10:28 [app] [I]   Rendered layouts/_application_content.html.erb (4.2ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_submenu.html.erb (1.8ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_user_dropdown.html.erb (1.7ms)
2016-12-05 13:10:28 [app] [I] Read fragment views/tabs_and_title_records-4 (0.1ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_organization_dropdown.html.erb (4.4ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_location_dropdown.html.erb (4.2ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_org_switcher.html.erb (9.4ms)
2016-12-05 13:10:28 [app] [I]   Rendered home/_submenu.html.erb (4.4ms)

-------

Comment 11 Dominik Hlavac Duran 2017-08-09 11:08:13 UTC

Verified.

Version Tested : Satellite-6.3 Snap 10

1. Login as admin 
2. Go to Administrator > Users > 
3. Create user "tuser1" , set password. Have not select any roles. 
4. Create user "tuser2" , set password. Have not select any roles. 
5. Create user group "tusergroup" and select "tuser1" as member , in the role tab, select "Admin" and add all the roles 
6. Add tuser2 to "tusergroup"
7. Submit 
8. check the "Users" tab and see the "tuser1" is showing in the table with "Administrator" column ticked
9. logout from "Admin" user 
10. Log in as "tuser1" 
11. Go to Administrator > Users > 
12. Select User "tuser1" 
13. Go to "Location" tab and change the location . (unselect existing one or select new one or any change ) or change Orgnaization
14. Submit 
15. Repeat step 9,10 and check if the "Location"/"Orgnaization" has changed or not. 
16. Organizations/locations changed

Comment 12 Bryan Kearney 2018-02-21 16:41:25 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Comment 13 Bryan Kearney 2018-02-21 16:44:25 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Comment 14 Satellite Program 2018-02-21 16:49:54 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.