1623464 – Tenant administrator can't navigate to Access Control -> Groups; 500 Internal Server Error

Bug 1623464 - Tenant administrator can't navigate to Access Control -> Groups; 500 Internal Server Error

Summary: Tenant administrator can't navigate to Access Control -> Groups; 500 Internal...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat CloudForms Management Engine
Classification:	Red Hat
Component:	Appliance
Sub Component:
Version:	5.10.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	GA
Target Release:	5.10.0
Assignee:	Keenan Brock
QA Contact:	Antonin Pagac
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-29 12:32 UTC by Antonin Pagac
Modified:	2019-02-12 16:51 UTC (History)
CC List:	7 users (show)
Fixed In Version:	5.10.0.15
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-12 16:51:25 UTC
Category:	---
Cloudforms Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
excerpt from production.log (11.49 KB, text/plain) 2018-08-29 12:32 UTC, Antonin Pagac	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1596639	0	high	CLOSED	Tenant admins is not able to see newly created users	2021-12-10 16:31:03 UTC

Internal Links: 1596639

Description Antonin Pagac 2018-08-29 12:32:44 UTC

Created attachment 1479488 [details]
excerpt from production.log

Description of problem:
The tenant administrator can't navigate to Groups. When clicked, internal error appears.

Similar issue for super administrator is described in bz 1593171. That is now fixed and works as expected.

Version-Release number of selected component (if applicable):
5.10.0.12

How reproducible:
Always

Steps to Reproduce:
1. Create a tenant administrator user with:
    Group: EvmGroup-tenant_administrator
    Role: EvmRole-tenant_administrator
2. Login with this user
3. Navigate to Configuration; Access Control -> Groups
4. Internal error appears

Actual results:
Can't navigate to Groups; Internal error appears

Expected results:
Can navigate to Groups

Additional info:
This worked in 5.9.4 - marking as regression.

See also log excerpt from production.log.

Comment 2 Gregg Tanzillo 2018-08-29 12:54:58 UTC

Hi Antonin, do you have the error and backtrace from the log or a set of logs that we can look at?

Comment 5 Keenan Brock 2018-08-30 18:17:34 UTC

Looks like groups, user_roles, and users have this same bug.

Very close to having a fix

Comment 6 CFME Bot 2018-08-30 18:41:28 UTC

https://github.com/ManageIQ/manageiq/pull/17930

Comment 7 CFME Bot 2018-09-07 20:36:21 UTC

New commit detected on ManageIQ/manageiq/master:

https://github.com/ManageIQ/manageiq/commit/9a9b5ddc47ff8baae49ed1a7cba37732d609df11
commit 9a9b5ddc47ff8baae49ed1a7cba37732d609df11
Author:     Keenan Brock <keenan>
AuthorDate: Thu Aug 30 14:18:21 2018 -0400
Commit:     Keenan Brock <keenan>
CommitDate: Thu Aug 30 14:18:21 2018 -0400

    fix: with_role_excluding has bad subquery

    Rbac.filtered/search uses this method to filter by tenant admin
    Unfortunately, the subquery was using the select from the main query and
    producing bad queries

    It is now properly isolating the queries and tests have been added to
    protect against regressions

    https://bugzilla.redhat.com/show_bug.cgi?id=1623464
 app/models/miq_group.rb | 2 +-
 app/models/miq_user_role.rb | 2 +-
 app/models/user.rb | 4 +-
 spec/lib/rbac/filterer_spec.rb | 6 +-
 spec/models/miq_group_spec.rb | 10 +
 spec/models/miq_user_role_spec.rb | 10 +
 spec/models/user_spec.rb | 24 +
 7 files changed, 51 insertions(+), 7 deletions(-)

Comment 8 Keenan Brock 2018-09-10 14:27:54 UTC

this is on master

you should be good to go

Comment 9 Antonin Pagac 2018-09-18 10:20:50 UTC

Verified with 5.10.0.15.

Note You need to log in before you can comment on or make changes to this bug.