Description of problem:
API is using incorrect arbitration_profiles query/read roles in the api.yml.

Version-Release number of selected component (if applicable):
5.7

How reproducible:
Always

Steps to Reproduce:
1. Setup Appliance
2. Setup a user role with
   Compute->Clouds->Cloud Providers->View->Arbitration Profiles Show CHECKED
   Compute->Clouds->Cloud Providers->View->Arbitration Profiles List UNCHECKED

GET /api/arbitration_profiles

Actual results:
Successful list of arbitration_profiles returned.

Expected results:
403/Forbidden

Additional info:
https://github.com/ManageIQ/manageiq/pull/12455
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/4d19ad887daddafb655b914834d06ff3369d9141

commit 4d19ad887daddafb655b914834d06ff3369d9141
Author:     Alberto Bellotti <abellott>
AuthorDate: Fri Nov 4 17:54:50 2016 -0400
Commit:     Alberto Bellotti <abellott>
CommitDate: Tue Nov 8 11:12:01 2016 -0500

    Corrected arbitration_profiles query/read roles

    - list/queries were referencing the individual show role instead of the show_list
    - missing resource read show role
    - added rspecs

    https://bugzilla.redhat.com/show_bug.cgi?id=1392602

 config/api.yml                                |  7 +++++--
 spec/requests/api/arbitration_profile_spec.rb | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/0bdeb5e60ade69e027455bd9da19a03682214c07

commit 0bdeb5e60ade69e027455bd9da19a03682214c07
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Thu Nov 10 10:22:39 2016 -0500
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Thu Nov 10 15:36:38 2016 -0500

    Merge pull request #12455 from abellotti/api_arbitration_profiles_read_roles

    Corrected arbitration_profiles query/read roles
    (cherry picked from commit a13e6e1d0032502d65971d65001c5d6d1f32a26a)

    https://bugzilla.redhat.com/show_bug.cgi?id=1392602

 config/api.yml                                |  7 +++++--
 spec/requests/api/arbitration_profile_spec.rb | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
Verified by following "Steps to Reproduce".

Result:
{
  "error": {
    "kind": "forbidden",
    "message": "Use of the read action is forbidden",
    "klass": "Api::ForbiddenError"
  }
}
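The role-mapping error from the commit message, modelled as an added example that is not ManageIQ's code or part of this bug report: the role from "Steps to Reproduce" is checked against a mapping with the reported defect and against a corrected one, and a small lint flags both defects. The hash layout, the feature identifier strings and the `_show_list` suffix rule are assumptions made for illustration; they are not copied from config/api.yml.

```ruby
require "set"

# Constructed model of an action-to-feature mapping. Key names and identifier
# strings are assumptions, not the contents of ManageIQ's config/api.yml.
BUGGY = {
  collection_read: "arbitration_profile_show", # list guarded by the single-item feature
  resource_read:   nil                         # resource read has no role at all
}.freeze

FIXED = {
  collection_read: "arbitration_profile_show_list",
  resource_read:   "arbitration_profile_show"
}.freeze

# Role from the steps to reproduce: Show CHECKED, List UNCHECKED (constructed).
SHOW_ONLY = Set["arbitration_profile_show"].freeze

# HTTP status for an action given the features in the caller's role.
# An action without an identifier is denied here (fail closed); the bug report
# does not say how the real API behaved for the missing resource role.
def status_for(mapping, action, role_features)
  required = mapping[action]
  return 403 if required.nil?

  role_features.include?(required) ? 200 : 403
end

# Config lint: every read action needs an identifier, and a collection read
# must be tied to a list feature (assumed naming rule: ends in "_show_list").
def lint(mapping)
  problems = []
  mapping.each do |action, id|
    problems << "#{action}: no identifier" if id.nil?
  end
  coll = mapping[:collection_read]
  if coll && !coll.end_with?("_show_list")
    problems << "collection_read: guarded by #{coll}, not a list feature"
  end
  problems
end

puts "buggy list: #{status_for(BUGGY, :collection_read, SHOW_ONLY)}"
puts "fixed list: #{status_for(FIXED, :collection_read, SHOW_ONLY)}"
puts lint(BUGGY)
```

Running a lint of this kind over every collection in the real configuration would catch the same class of mistake before it reaches a release.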