Bug 1600095 - Non admin user is unable to see the audits for katello and taxable resources created by admin using Any Location context
Summary: Non admin user is unable to see the audits for katello and taxable resources ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Audit Log
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: Released
Assignee: Sebastian Gräßl
QA Contact: tstrych
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-11 12:07 UTC by Roman Plevka
Modified: 2019-10-07 17:37 UTC (History)
6 users (show)

Fixed In Version: foreman-1.20.0-0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1646740 (view as bug list)
Environment:
Last Closed: 2019-05-14 12:37:33 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:37:41 UTC
Foreman Issue Tracker 24232 None None None 2018-07-12 06:31:24 UTC

Description Roman Plevka 2018-07-11 12:07:01 UTC
Description of problem:
unlike Admin, a regular user is not able to effectively use "Any Location" context on accessing Katello resources. So if Admin user creates a katello resource while having "Any Location" context set, audits for these actions and resources will not be visible to a regular user.

Version-Release number of selected component (if applicable):
6.4.0-11

How reproducible:
always

Steps to Reproduce:
1. create an organization (o1)
2. clone the "Auditor" role and assign the clone to the org (o1)
2. create a regular user (u1), belonging to org (o1), having "Org Admin" and the auditor clone roles assigned.
3. as an Admin user, set your location context to Any Location and organization context to o1
4. as an Admin user, create some katello resource (e.g. content view) OR architecture.
5. optional: as admin, check that the audits have been created
6. as u1, check the audits

Actual results:
u1 is unable to see any audits related to the resources created|manipulated in step #4 despite the fact that these belong to his organization.

Comment 1 Marek Hulan 2018-07-12 06:27:28 UTC
The problem is that when we list audits, taxonomy default scope is applied since audits are now taxable. But audits for non-taxable resources should also be non-taxable. Therefore, we'll need to start storing information about whether taxonomy is applicable to each audit so we can easily search by that. Note that some resources do not support location but they support organizations so we need to start storing two different flags, e.g. organizations_relevant and locations_relevant.

Comment 2 Marek Hulan 2018-07-12 06:31:23 UTC
Created redmine issue https://projects.theforeman.org/issues/24232 from this bug

Comment 5 pm-sat@redhat.com 2018-10-02 12:09:36 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/24232 has been resolved.

Comment 7 tstrych 2019-03-12 14:05:12 UTC
I tried steps to reproduce on sat-6.4.0 with this package version: foreman-1.18.0 
and I did the same on sat sat-6.5.0 snap 18 with this package version: foreman-1.20.1

Verified

Comment 8 tstrych 2019-03-12 14:06:08 UTC
forgot to change the status

Comment 11 errata-xmlrpc 2019-05-14 12:37:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.