Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1478286 - Users with Manager role can't view capsules
Summary: Users with Manager role can't view capsules
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-04 08:14 UTC by Tomas Strachota
Modified: 2017-08-04 11:01 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-04 11:01:43 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Tomas Strachota 2017-08-04 08:14:42 UTC 
Description of problem:

Users with Manager role (and without admin flag) can't view capsules attached to their organization. UI, API and CLI behave the same.

Version-Release number of selected component (if applicable):
Satellite 6.3 snap 9

Steps to Reproduce:
1. Create a new organization OrgA
2. Add satellite's capsule to OrgA
3. Create a normal user (not admin) with Manager role, add him to OrgA
4. Log in as the newly created user and try to view capsules (Infrastructure > Capsules)

Actual results:
The capsule list is empty.

Expected results:
The page should show the capsule that was added to OrgA.

Additional info:
This could be a branding problem. A message in log says "checking permission view_smart_proxies for class SmartProxy" but the Manager role contains a filter with permissions for resource "Capsule".

Relevant part of log:

2017-08-03 11:08:15 7bc71835 [app] [I] Started GET "/smart_proxies" for 192.168.121.1 at 2017-08-03 11:08:15 +0000
2017-08-03 11:08:15 7bc71835 [app] [I] Processing by SmartProxiesController#index as HTML
2017-08-03 11:08:15 7bc71835 [app] [I] Current user: john (regular user)
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current user thread-local variable to john
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current organization thread-local variable to Test Org
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current location thread-local variable to none
2017-08-03 11:08:15 7bc71835 [permissions] [D] checking permission view_smart_proxies for class SmartProxy
2017-08-03 11:08:15 7bc71835 [permissions] [D] organization_ids: [3]
2017-08-03 11:08:15 7bc71835 [permissions] [D] location_ids: []
2017-08-03 11:08:15 7bc71835 [permissions] [D] filter with role_id: 14 limited: false search:  taxonomy_search:
 | filter with role_id: 15 limited: false search:  taxonomy_search:
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered smart_proxies/index.html.erb within layouts/application (7.1ms)
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered layouts/_application_content.html.erb (0.3ms)
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered home/_submenu.html.erb (2.0ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered home/_user_dropdown.html.erb (2.1ms)
2017-08-03 11:08:16 7bc71835 [app] [I] Read fragment views/tabs_and_title_records-4 (0.2ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered home/_topbar.html.erb (18.1ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered layouts/base.html.erb (19.7ms)
2017-08-03 11:08:16 7bc71835 [app] [I] Completed 200 OK in 69ms (Views: 25.5ms | ActiveRecord: 10.4ms)
Comment 1 Marek Hulan 2017-08-04 08:26:12 UTC 
In this case I don't think branding would cause problems. Capsule is probably changed by deface only when the resource is printed out. From the log, it seems that location might be misconfigured, could you double check the capsule is available in location to which to user is assigned?
Comment 2 Tomas Strachota 2017-08-04 08:35:08 UTC 
The user wasn't assigned to any organization and I was viewing the capsules from "Any location" context. Is it expected that the capsule won't be visible in such case?
Comment 3 Tomas Strachota 2017-08-04 08:36:05 UTC 
I forgot to mention that when I added user to the capsule's location it started to work normally.
Comment 4 Marek Hulan 2017-08-04 09:03:29 UTC 
Then I think it works as expected. User not assigned to capsule's location can't see it. It works the same way with organizations and I think it's expected to only see resources from your organizations (and locations)
Comment 5 Tomas Strachota 2017-08-04 11:01:43 UTC 
Ok, it makes sense. I'm closing the bug.
Note You need to log in before you can comment on or make changes to this bug.