1397465 – [CFME 5.7 beta] Provisioning notifications are not RBAC-compliant with regard to group membership

Bug 1397465 - [CFME 5.7 beta] Provisioning notifications are not RBAC-compliant with regard to group membership

Summary: [CFME 5.7 beta] Provisioning notifications are not RBAC-compliant with regard...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	GA
Target Release:	5.7.0
Assignee:	Šimon Lukašík
QA Contact:	Satyajit Bulage
Docs Contact:
URL:
Whiteboard:	notification
Depends On:	1394283
Blocks:
TreeView+	depends on / blocked

Reported:	2016-11-22 15:26 UTC by Satoe Imaishi
Modified:	2017-01-04 13:17 UTC (History)
CC List:	8 users (show)
Fixed In Version:	5.7.0.16
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1394283
Environment:
Last Closed:	2017-01-04 13:17:11 UTC
Category:	---
Cloudforms Team:	CFME Core
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Screenshot showing actual results (142.85 KB, image/png) 2016-12-02 10:46 UTC, Satyajit Bulage	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:0012	0	normal	SHIPPED_LIVE	CFME 5.7.0 bug fixes and enhancement update	2017-01-04 17:50:36 UTC

Comment 2 Šimon Lukašík 2016-11-22 15:37:46 UTC

Euwe Backport details:

$ git log -1
commit 95b74a8a55fcbd5ebd93717eb58775b4c9ea211f

Comment 3 Satyajit Bulage 2016-12-02 10:46:36 UTC

Created attachment 1227270 [details]
Screenshot showing actual results

Hello,

I am able to reproduce this issue on the current build. See attached screenshot.

Current Version:- 5.7.0.13-rc3.20161129142908_1d51fd2 

Thanks,
Satyajit Bulage.

Comment 4 Šimon Lukašík 2016-12-08 12:47:55 UTC

https://github.com/ManageIQ/manageiq/pull/13051

Comment 5 CFME Bot 2016-12-08 20:50:48 UTC

New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/f3db579e4d9c0628774fb6ef9f80c4cc717ed3b7

commit f3db579e4d9c0628774fb6ef9f80c4cc717ed3b7
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Thu Dec 8 14:54:06 2016 -0500
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Thu Dec 8 15:46:08 2016 -0500

    Merge pull request #13051 from isimluk/rhbz#1397465
    
    Notify only a group of users when notifying about MiqRequest
    (cherry picked from commit 9d5adc4fd63ec30e208fc81fbc8b699bf9e5009b)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1397465

 app/models/notification_type.rb    |  7 ++++++-
 db/fixtures/notification_types.yml |  4 ++--
 spec/models/notification_spec.rb   | 17 +++++++++++++++++
 3 files changed, 25 insertions(+), 3 deletions(-)

Comment 6 Satyajit Bulage 2016-12-15 09:18:41 UTC

Followed verification steps:
1. Created a new role called "my_role" that has a VM & Template Access Restriction of 'Only User or Group Owned'
2. Created two new groups "group1 and group2" in the same tenant, each with this role. 
3. Created a users named "user1 and user2" in each group. 
4. Provisioned a VM as user1, then login as user2.

User2 is not able to see the provisioning notifications from user1. Also getting provisioning-related messages to the requester and owner of the VM.

Verified Version:- 5.7.0.16.20161213213754_1ad3545

Comment 8 errata-xmlrpc 2017-01-04 13:17:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0012.html

Note You need to log in before you can comment on or make changes to this bug.