Bug 1463962 - Email notification - Sync errata - email should be send to only those users who belongs/access to the organization.
Email notification - Sync errata - email should be send to only those users w...
Status: POST
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Email (Show other bugs)
6.2.9
x86_64 Unspecified
high Severity high (vote)
: Unspecified
: --
Assigned To: satellite6-bugs
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-22 03:12 EDT by Ranjan Kumar
Modified: 2017-06-30 11:37 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 20084 None None None 2017-06-24 01:20 EDT

  None (edit)
Description Ranjan Kumar 2017-06-22 03:12:03 EDT
Description of problem:
If a user subscribes to "Sync errata" notification mails, he gets mails for every repository in the system, also mail related to repos in organizations he does not have access. For 15 organization this means 14 times the number of repos unwanted, disturbing, obscuring spam.

Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. Create User "User-A" for Organization A and of for syn errata email 
 [root@dhcp6-10 ~]# hammer user info --login ranjan
 Id:                   5
 Login:                usera
 Email:                usera@redhat.com
 Organizations:        
    ranjan

2. Create User "User-B" for Organization B and of for syn errata email
 [root@dhcp6-10 ~]# hammer user info --login admin
 Id:                   3
 Login:                userb
 Email:                userb@gmail.com
 Organizations:        
    RedHat

3. Start a repo sync in Organization A

4. User-B also get a mail even he is not a part of Organization B

Sent mail to userb@gmail.com (3968.5ms)
2017-06-22 11:36:29  [app] [D] Date: Thu, 22 Jun 2017 11:36:25 +0530
 | From: satellite-noreply@gsslab.pnq.redhat.com
 | To: userb@gmail.com
 | Subject: [satellite] Sync Summary for Red Hat Enterprise Linux 7 Server RPMs


Actual results: It send mail to all user irrespective of organization


Expected results: Mail should only send to the user who is having access to the organization


Additional info:
Comment 1 Ranjan Kumar 2017-06-22 04:53:37 EDT
Updating steps to reproduce

Steps to Reproduce:
1. Create User "User-A" in Organization-A and select "syn errata" in My Account
 [root@dsatellite ~]# hammer user info --login ranjan
 Id:                   5
 Login:                usera
 Email:                usera@redhat.com
 Organizations:        
    Organization-A

2. Create User "User-B" in Organization-B and select "syn errata" in My Account
 [root@satellite ~]# hammer user info --login admin
 Id:                   3
 Login:                userb
 Email:                userb@gmail.com
 Organizations:        
    Organization-B

3. Start any repository sync in Organization-A

4. Now Observed that User-B also get a mail even the userb is not a part of Organization-A

Sent mail to userb@gmail.com (3968.5ms)
2017-06-22 11:36:29  [app] [D] Date: Thu, 22 Jun 2017 11:36:25 +0530
 | From: satellite@example.com
 | To: userb@gmail.com
 | Subject: [satellite] Sync Summary for Red Hat Enterprise Linux 7 Server RPMs
Comment 2 Ranjan Kumar 2017-06-23 02:25:04 EDT
Fix: Patch for 6.2.9

diff --git a/app/lib/actions/katello/content_view/errata_mail.rb b/app/lib/actions/katello/content_view/errata_mail.rb
index b7ccfdd..9fca90e 100644
--- a/app/lib/actions/katello/content_view/errata_mail.rb
+++ b/app/lib/actions/katello/content_view/errata_mail.rb
@@ -11,7 +11,7 @@ module Actions
 
           content_view = ::Katello::ContentView.find(input[:content_view])
           environment = ::Katello::KTEnvironment.find(input[:environment])
-          users = ::User.select { |user| user.receives?(:promote_errata) && user.can?(:view_content_views, content_view) }
+          users = ::User.select { |user| user.receives?(:promote_errata) && user.organization_ids.include?(content_view.organization_id) && user.can?(:view_content_views, content_view) }
 
           begin
             MailNotification[:promote_errata].deliver(:users => users, :content_view => content_view, :environment => environment) unless users.blank?
diff --git a/app/lib/actions/katello/repository/errata_mail.rb b/app/lib/actions/katello/repository/errata_mail.rb
index e9a30f4..f91da89 100644
--- a/app/lib/actions/katello/repository/errata_mail.rb
+++ b/app/lib/actions/katello/repository/errata_mail.rb
@@ -13,7 +13,7 @@ module Actions
           ::User.current = ::User.anonymous_admin
 
           repo = ::Katello::Repository.find(input[:repo])
-          users = ::User.select { |user| user.receives?(:sync_errata) && user.can?(:view_products, repo.product) }.compact
+          users = ::User.select { |user| user.receives?(:sync_errata) && user.organization_ids.include?(repo.organization.id) && user.can?(:view_products, repo.product) }.compact
           errata = ::Katello::Erratum.where(:id => repo.repository_errata.where('katello_repository_errata.updated_at > ?', input[:last_updated].to_datetime).pluck(:erratum_id))
 
           begin
Comment 3 pm-sat@redhat.com 2017-06-24 02:17:29 EDT
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20084 has been resolved.

Note You need to log in before you can comment on or make changes to this bug.