Description of problem: API call for arf_reports fails when user is non-admin. Correct permission(view_arf_reports) is given to the non-admin user Version-Release number of selected component (if applicable): Satellite 6.2.11 How reproducible: Always Steps to Reproduce: 1. Create a user with permission view_arf_reports 2. Try to access api https://satellite.example.com/api/v2/compliance/arf_reports 3. This returns 0 result. Actual results: Return 0 result Expected results: It should return compliance report
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/21125 has been resolved.
Build:Satellite 6.3.0 snap24 Steps: curl -u admin:changeme -X GET --header "Accept:application/jsoUT version=2" https://sat-host/api/v2/roles/arf_role --insecure {"builtin":0,"cloned_from_id":null,"name":"arf_role","id":25,"description":"","origin":null,"filters":[{"id":280}],"locations":[{"id":2,"name":"Default Location","title":"Default Location","description":""}],"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":""}]} curl -u admin:changeme -X GET --header "Accept:application/jsoUT version=2" https://sat-host/api/v2/filters/280 --insecure {"search":null,"resource_type":"ForemanOpenscap::ArfReport","unlimited?":false,"created_at":"2017-11-15 11:09:57 UTC","updated_at":"2017-11-15 11:09:57 UTC","override?":false,"id":280,"role":{"name":"arf_role","id":25,"description":"","origin":null},"permissions":[{"name":"view_arf_reports","id":263,"resource_type":"ForemanOpenscap::ArfReport"}],"locations":[{"id":2,"name":"Default Location","title":"Default Location","description":""}],"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":""}]} curl -u custom:aa -X GET --header "Accept:application/jsoUT version=2" https://sat-host/api/v2/users/custom --insecure {"firstname":"custom","lastname":"test","mail":"custom","admin":false,"auth_source_id":1,"auth_source_name":"Internal","timezone":"","locale":null,"last_login_on":"2017-11-15 11:10:35 UTC","created_at":"2017-11-15 11:09:02 UTC","updated_at":"2017-11-15 11:09:02 UTC","id":4,"login":"custom","description":"","ssh_keys":[],"default_location":{"id":2,"name":"Default Location","title":"Default Location","description":""},"locations":[{"id":2,"name":"Default Location","title":"Default Location","description":""}],"default_organization":{"id":1,"name":"Default Organization","title":"Default Organization","description":""},"organizations":[{"id":1,"name":"Default Organization","title":"Default Organization","description":""}],"effective_admin":false,"cached_usergroups":[],"auth_source_internal":{"id":1,"type":"AuthSourceInternal","name":"Internal"},"mail_notifications":[],"roles":[{"name":"arf_role","id":25,"description":"","origin":null},{"name":"Default role","id":8,"description":null,"origin":"foreman"}],"usergroups":[]} Marking it as verified, as the view_arf_reports gave expected results
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336