Bug 1410919 - Lifecycle environments not displayed correctly with restricted permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Lifecycle Environments
Version: 6.2.6
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: Unspecified
Assignee: Brad Buckingham
QA Contact: Justin Sherrill
URL:
Whiteboard:
Depends On:
Blocks: 1316897
Reported: 2017-01-06 20:52 UTC by Stuart Auchterlonie
Modified: 2019-08-12 14:03 UTC (History)

Fixed In Version: katello-3.4.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 18034 | 0 | Normal | Closed | Lifecycle environments not displayed correctly with restricted permissions | 2021-01-28 11:08:49 UTC
Red Hat Knowledge Base (Solution) | 3091651 | 0 | None | None | None | 2017-12-14 04:19:46 UTC

Description Stuart Auchterlonie 2017-01-06 20:52:30 UTC
Description of problem:

When using a user with restricted rights, the lifecycle
environments are not correctly displayed in the web UI.

Version-Release number of selected component (if applicable):

6.2.2 - 6.2.6

How reproducible:

100%

Steps to Reproduce:
1. The role assigned to the user has the following permission set

# hammer -u admin -p redhat role filters --id=22
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE           | SEARCH                                                          | UNLIMITED? | ROLE    | PERMISSIONS                                                                     
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
167 | Katello::Product        | name ~ "Test_*" || name ~ "rhel7*"                              | no         | Limited | view_products, create_products, edit_products, destroy_products, sync_product...
168 | Katello::System         | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no         | Limited | view_content_hosts, edit_content_hosts                                          
169 | Katello::ContentView    | name ~ "Test_*" || name ~ "rhel7*"                              | no         | Limited | view_content_views, create_content_views, edit_content_views, destroy_content...
170 | Host                    | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no         | Limited | view_hosts, edit_hosts                                                          
171 | Katello::HostCollection | name ~ "Test_*_Dev" || name ~ "Test_*_QA"                       | no         | Limited | view_host_collections, edit_host_collections                                    
172 | JobInvocation           | none                                                            | yes        | Limited | create_job_invocations, view_job_invocations                                    
173 | Katello::KTEnvironment  | name ~ Dev || name ~ QA                                         | no         | Limited | view_lifecycle_environments, edit_lifecycle_environments, promote_or_remove_c...
174 | Katello::ActivationKey  | name ~ ak_test                                                  | no         | Limited | view_activation_keys, create_activation_keys, edit_activation_keys, destroy_a...
176 | Organization            | none                                                            | yes        | Limited | view_organizations, assign_organizations, view_subscriptions, attach_subscrip...
----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------

2. Show all the environments with hammer

# hammer -u admin -p redhat lifecycle-environment list --organization ACME
---|---------|--------
ID | NAME    | PRIOR  
---|---------|--------
3  | test2   | Library
2  | test    | Library
5  | qa2     | test2  
4  | qa1     | test   
7  | QA      | Library
1  | Library |        
6  | Dev     | Library
---|---------|--------

3. Verify the restriction with hammer

# hammer -u limited -p redhat lifecycle-environment list --organization ACME
---|------|--------
ID | NAME | PRIOR  
---|------|--------
5  | qa2  | test2  
4  | qa1  | test   
7  | QA   | Library
6  | Dev  | Library
---|------|--------

4. Log in to the web UI as the limited user and navigate to the lifecycle
environments page.

Actual results:

The title bars for each of the lifecycle environment tables have been 
suppressed but the actual counts of Content Views and Content Hosts are still 
visible.

Expected results:

The lifecycle environments that the user is authorized to see are shown
and all others are suppressed.

Additional info:
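
Steps 2 and 3 as an automated check (an added example, not part of the original report and not Satellite code): it parses the two hammer listings and compares what the limited user sees with what filter 173 should allow. The function names are hypothetical, and the matching rule for `~` (case-insensitive substring, `*` as wildcard) is an assumption inferred from the output in step 3.

```python
import fnmatch

# Filter 173 and the listings from steps 2 and 3, trimmed to header and rows.
FILTER = "name ~ Dev || name ~ QA"
ADMIN_OUT = """\
ID | NAME    | PRIOR
---|---------|--------
3  | test2   | Library
2  | test    | Library
5  | qa2     | test2
4  | qa1     | test
7  | QA      | Library
1  | Library |
6  | Dev     | Library
"""
LIMITED_OUT = """\
ID | NAME | PRIOR
---|------|--------
5  | qa2  | test2
4  | qa1  | test
7  | QA   | Library
6  | Dev  | Library
"""

def parse_hammer_table(text):
    """Turn hammer's pipe-separated table into a list of {column: value} dicts."""
    rows, header = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("-"):
            continue  # blank line or ---|--- separator
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def like(term, value):
    # Assumed semantics of `~`: case-insensitive, substring unless `*` is given.
    pat = term.lower() if "*" in term else f"*{term.lower()}*"
    return fnmatch.fnmatchcase(value.lower(), pat)

def audit(admin_out, limited_out, search):
    terms = [c.split("~", 1)[1].strip().strip('"') for c in search.split("||")]
    all_names = {r["NAME"] for r in parse_hammer_table(admin_out)}
    visible = {r["NAME"] for r in parse_hammer_table(limited_out)}
    expected = {n for n in all_names if any(like(t, n) for t in terms)}
    return {"leaked": visible - expected,   # shown although the filter excludes it
            "hidden": expected - visible,   # allowed by the filter but not shown
            "broad": {n for n in visible if n not in terms}}  # non-exact matches
```

On the data in this report `leaked` and `hidden` are empty, so the hammer listing honours the filter, and `broad` contains qa1 and qa2, which `name ~ QA` admits alongside QA. The `expected` set is the list of environments the web UI page in step 4 should be limited to.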

Comment 3 Brad Buckingham 2017-01-11 16:45:39 UTC
Created redmine issue http://projects.theforeman.org/issues/18034 from this bug

Comment 7 Bryan Kearney 2017-06-20 19:53:52 UTC
This was delivered in Snap1

Comment 8 Justin Sherrill 2017-08-02 16:37:25 UTC
Verified on 6.2.9 snap 9

The entire columns of non-visible environments are hidden.

Comment 9 Amit Kumar Das 2017-09-16 01:46:28 UTC
Hi - Which Satellite release are we targeting for this fix? Thanks.

Comment 10 Brad Buckingham 2017-09-27 21:41:49 UTC
Hello Amit,

The fix for this one is currently targeted for Satellite 6.3.  Thanks.

Comment 11 pm-sat@redhat.com 2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

