Bug 1568013 - CloudForms 4.6 - filtering based on tags does not work for catalog items
Summary: CloudForms 4.6 - filtering based on tags does not work for catalog items
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.9.0
Hardware: All
OS: Linux
high
high
Target Milestone: GA
: 5.10.0
Assignee: Libor Pichler
QA Contact: Landon LaSmith
URL:
Whiteboard:
Depends On:
Blocks: 1570118
TreeView+ depends on / blocked
 
Reported: 2018-04-16 15:13 UTC by jritenou
Modified: 2019-02-11 14:07 UTC (History)
16 users (show)

Fixed In Version: 5.10.0.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1570118 (view as bug list)
Environment:
Last Closed: 2019-02-11 14:07:06 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:


Attachments (Terms of Use)

Description jritenou 2018-04-16 15:13:03 UTC
Description of problem: In CloudForms 4.6 (both GA & errata release 1), when I create a group that is using a role that has VM access restrictions set to anything other than "none", users of the group cannot see any catalog items.  Applying a tag to the group's filtering, and then applying the same tag to the catalog item does not make it visible, as it as in previous versions of CloudForms


Version-Release number of selected component (if applicable): GA & errata 1


How reproducible: Always


Steps to Reproduce:
1. Create group assigned to a role with VM access restriction set to "Only User Owned" or "Only User or Group Owned". 
2. Set a filtering tag for the group under "This user is limited to items with the selected tags."
3. Assign that same tag to a catalog item.

Actual results: Catalog item should be visible to users of this group


Expected results: Catalog item is not visible to users of the group


Additional info: Have obserbed this in 3 different environments so far - one upgrade from 4.5 (where it previously worked) to 4.6 GA, and one new deployment of 4.6 GA and 4.6 errata 1 each.

Comment 2 Greg McCullough 2018-04-16 16:45:12 UTC
Changing component to Appliance to review as it appears to be an RBAC issue.

Comment 17 Landon LaSmith 2018-06-29 21:07:50 UTC
VERIFIED in 5.10.0.2. A restricted user (ownership and tagging) can see catalog items that are not user/group owned when they both have the same tag


Note You need to log in before you can comment on or make changes to this bug.