Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1410919 - Lifecycle environments not displayed correctly with restricted permissions
Summary: Lifecycle environments not displayed correctly with restricted permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Lifecycle Environments
Version: 6.2.6
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Brad Buckingham
QA Contact: Justin Sherrill
URL:
Whiteboard:
Depends On:
Blocks: 1316897
TreeView+ depends on / blocked
 
Reported: 2017-01-06 20:52 UTC by Stuart Auchterlonie
Modified: 2021-12-10 14:51 UTC (History)
9 users (show)

Fixed In Version: katello-3.4.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 18034 0 Normal Closed Lifecycle environments not displayed correctly with restricted permissions 2021-01-28 11:08:49 UTC
Red Hat Knowledge Base (Solution) 3091651 0 None None None 2017-12-14 04:19:46 UTC

Description Stuart Auchterlonie 2017-01-06 20:52:30 UTC 
Description of problem:

When using a user with restricted rights the lifecycle
environments are not correctly displayed in the web ui

Version-Release number of selected component (if applicable):

6.2.2 - 6.2.6

How reproducible:

100%

Steps to Reproduce:
1. The role assigned to the user has the following permission set

# hammer -u admin -p redhat role filters --id=22
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE           | SEARCH                                                          | UNLIMITED? | ROLE    | PERMISSIONS                                                                     
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
167 | Katello::Product        | name ~ "Test_*" || name ~ "rhel7*"                              | no         | Limited | view_products, create_products, edit_products, destroy_products, sync_product...
168 | Katello::System         | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no         | Limited | view_content_hosts, edit_content_hosts                                          
169 | Katello::ContentView    | name ~ "Test_*" || name ~ "rhel7*"                              | no         | Limited | view_content_views, create_content_views, edit_content_views, destroy_content...
170 | Host                    | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no         | Limited | view_hosts, edit_hosts                                                          
171 | Katello::HostCollection | name ~ "Test_*_Dev" || name ~ "Test_*_QA"                       | no         | Limited | view_host_collections, edit_host_collections                                    
172 | JobInvocation           | none                                                            | yes        | Limited | create_job_invocations, view_job_invocations                                    
173 | Katello::KTEnvironment  | name ~ Dev || name ~ QA                                         | no         | Limited | view_lifecycle_environments, edit_lifecycle_environments, promote_or_remove_c...
174 | Katello::ActivationKey  | name ~ ak_test                                                  | no         | Limited | view_activation_keys, create_activation_keys, edit_activation_keys, destroy_a...
176 | Organization            | none                                                            | yes        | Limited | view_organizations, assign_organizations, view_subscriptions, attach_subscrip...
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------

2. Show all the environments with hammer

# hammer -u admin -p redhat lifecycle-environment list --organization ACME
---|---------|--------
ID | NAME    | PRIOR  
---|---------|--------
3  | test2   | Library
2  | test    | Library
5  | qa2     | test2  
4  | qa1     | test   
7  | QA      | Library
1  | Library |        
6  | Dev     | Library
---|---------|--------

3. Verify the restriction with hammer

# hammer -u limited -p redhat lifecycle-environment list --organization ACME
---|------|--------
ID | NAME | PRIOR  
---|------|--------
5  | qa2  | test2  
4  | qa1  | test   
7  | QA   | Library
6  | Dev  | Library
---|------|--------

4. Login to the web ui as the limited user and navigate to the lifecycle
environments page

Actual results:

The title bars for each of the lifecycle environment tables have been 
suppressed but the actual counts of Content Views and Content Hosts are still 
visible.

Expected results:

The lifecycle environments that the user is authorized to see are shown
and all others are suppressed.

Additional info:
Comment 3 Brad Buckingham 2017-01-11 16:45:39 UTC 
Created redmine issue http://projects.theforeman.org/issues/18034 from this bug
Comment 7 Bryan Kearney 2017-06-20 19:53:52 UTC 
This was delivered in Snap1
Comment 8 Justin Sherrill 2017-08-02 16:37:25 UTC 
Verified on 6.2.9 snap 9

The entire columns are hidden of non-visible environments.
Comment 9 Amit Kumar Das 2017-09-16 01:46:28 UTC 
Hi - Which satellite release we are targeting this fix? Thanks.
Comment 10 Brad Buckingham 2017-09-27 21:41:49 UTC 
Hello Amit,

This fix for this one is currently targeted for Satellite 6.3.  Thanks.
Comment 11 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.