Bug 1478286 - Users with Manager role can't view capsules
Users with Manager role can't view capsules
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Users & Roles (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: satellite6-bugs
Katello QA List
Depends On:
  Show dependency treegraph
Reported: 2017-08-04 04:14 EDT by Tomas Strachota
Modified: 2017-08-04 07:01 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-08-04 07:01:43 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Strachota 2017-08-04 04:14:42 EDT
Description of problem:

Users with Manager role (and without admin flag) can't view capsules attached to their organization. UI, API and CLI behave the same.

Version-Release number of selected component (if applicable):
Satellite 6.3 snap 9

Steps to Reproduce:
1. Create a new organization OrgA
2. Add satellite's capsule to OrgA
3. Create a normal user (not admin) with Manager role, add him to OrgA
4. Log in as the newly created user and try to view capsules (Infrastructure > Capsules)

Actual results:
The capsule list is empty.

Expected results:
The page should show the capsule that was added to OrgA.

Additional info:
This could be a branding problem. A message in log says "checking permission view_smart_proxies for class SmartProxy" but the Manager role contains a filter with permissions for resource "Capsule".

Relevant part of log:

2017-08-03 11:08:15 7bc71835 [app] [I] Started GET "/smart_proxies" for at 2017-08-03 11:08:15 +0000
2017-08-03 11:08:15 7bc71835 [app] [I] Processing by SmartProxiesController#index as HTML
2017-08-03 11:08:15 7bc71835 [app] [I] Current user: john (regular user)
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current user thread-local variable to john
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current organization thread-local variable to Test Org
2017-08-03 11:08:15 7bc71835 [app] [D] Setting current location thread-local variable to none
2017-08-03 11:08:15 7bc71835 [permissions] [D] checking permission view_smart_proxies for class SmartProxy
2017-08-03 11:08:15 7bc71835 [permissions] [D] organization_ids: [3]
2017-08-03 11:08:15 7bc71835 [permissions] [D] location_ids: []
2017-08-03 11:08:15 7bc71835 [permissions] [D] filter with role_id: 14 limited: false search:  taxonomy_search:
 | filter with role_id: 15 limited: false search:  taxonomy_search:
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered smart_proxies/index.html.erb within layouts/application (7.1ms)
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered layouts/_application_content.html.erb (0.3ms)
2017-08-03 11:08:15 7bc71835 [app] [I]   Rendered home/_submenu.html.erb (2.0ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered home/_user_dropdown.html.erb (2.1ms)
2017-08-03 11:08:16 7bc71835 [app] [I] Read fragment views/tabs_and_title_records-4 (0.2ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered home/_topbar.html.erb (18.1ms)
2017-08-03 11:08:16 7bc71835 [app] [I]   Rendered layouts/base.html.erb (19.7ms)
2017-08-03 11:08:16 7bc71835 [app] [I] Completed 200 OK in 69ms (Views: 25.5ms | ActiveRecord: 10.4ms)
Comment 1 Marek Hulan 2017-08-04 04:26:12 EDT
In this case I don't think branding would cause problems. Capsule is probably changed by deface only when the resource is printed out. From the log, it seems that location might be misconfigured, could you double check the capsule is available in location to which to user is assigned?
Comment 2 Tomas Strachota 2017-08-04 04:35:08 EDT
The user wasn't assigned to any organization and I was viewing the capsules from "Any location" context. Is it expected that the capsule won't be visible in such case?
Comment 3 Tomas Strachota 2017-08-04 04:36:05 EDT
I forgot to mention that when I added user to the capsule's location it started to work normally.
Comment 4 Marek Hulan 2017-08-04 05:03:29 EDT
Then I think it works as expected. User not assigned to capsule's location can't see it. It works the same way with organizations and I think it's expected to only see resources from your organizations (and locations)
Comment 5 Tomas Strachota 2017-08-04 07:01:43 EDT
Ok, it makes sense. I'm closing the bug.

Note You need to log in before you can comment on or make changes to this bug.