Description Stuart Auchterlonie
2016-12-13 22:54:07 UTC
Created attachment 1231360
Patch to enable buttons
Description of problem:
A user with limited access permissions is unable to add or remove host collections from an activation key, using the satellite web interface.
The same user can successfully add and remove host collections from
the activation key using hammer.
Version-Release number of selected component (if applicable):
6.2.4
How reproducible:
100%
Steps to Reproduce:
1. Create a user with limited access rights
   Access rights are as follows
   Host Collections: view_host_collections, edit_host_collections
     - Search: name ~ "Test_*_Dev" || name ~ "Test_*_QA"
   Activation Keys: view_activation_keys, create_activation_keys
                    edit_activation_keys, destroy_activation_keys
     - Search: name ~ ak_test
   Organization: view_organizations, assign_organizations
                 view_subscriptions, attach_subscriptions, unattach_subscriptions
2. Use hammer to add host collection to the activation key
   # hammer -u limited -p redhat activation-key add-host-collection --host-collection "Test_A_Dev" --name ak_test --organization ACME
   The host collection has been associated
   # hammer -u limited -p redhat activation-key remove-host-collection --host-collection "Test_A_Dev" --name ak_test --organization ACME
   The host collection has been removed
3. Log into the satellite web interface as the "limited" user
4. Navigate to Content > Activation Keys > "ak_test" > Host Collections > Add
Actual results:
At step #4 the "Add Selected" button is missing
as is the "Remove Selected" button on the "List/Remove" tab
(I have a patch for this)
After applying my patch for this, attempts to submit the changes
result in an error from the backend. The web debugger yields the following
--------
Request URL:https://stuarta-sat6-test.usersys.redhat.com/katello/api/v2/activation_keys/13/host_collections
Request Method:POST
Status Code:403 Forbidden
Remote Address:10.33.9.40:443
--------
Request Payload
{"activation_key":{"host_collection_ids":[4]}}
--------
Response Payload
{
"error": {"message":"Access denied","details":"Missing one of the required permissions: "}
}
--------
Note that the response payload does not list the missing permissions
whilst running hammer in debug mode does. (To see this effect remove
the organization access rights from the user)
Expected results:
1) The "Add Selected" and "Remove Selected" buttons should be visible
if the user has the "edit_activation_keys" privilege.
2) If the user has this privilege, modification of the activation key
via the GUI should be possible
Additional info:
Comment 3 Stuart Auchterlonie
2016-12-13 23:12:52 UTC