Bug 1771937 - Creating a new product by limited permissions user fails with error "NoMethodError: undefined method `[]' for nil:NilClass"
Summary: Creating a new product by limited permissions user fails with error "NoMetho...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management
Version: 6.4
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: 6.7.0
Assignee: Partha Aji
QA Contact: Lai
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-11-13 09:52 UTC by Ahmed Eladawy
Modified: 2020-04-14 13:27 UTC (History)
2 users (show)

Fixed In Version: tfm-rubygem-katello-3.14.0.1-1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-14 13:27:10 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 28413 Normal Closed Creating a new product by limited permissions user fails with error "NoMethodError: undefined method `[]' for nil:NilCla... 2020-04-20 09:48:38 UTC
Red Hat Product Errata RHSA-2020:1454 None None None 2020-04-14 13:27:20 UTC

Description Ahmed Eladawy 2019-11-13 09:52:56 UTC
Description of problem:

Creating a new product by limited permissions user fails  with error "NoMethodError: undefined method `[]' for nil:NilClass"

The user has been assigned to a custom role with the following filter :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products

The product is created even with the error on step "Actions::Katello::Product::ReindexSubscriptions" and the task becomes on paused state and the product can not be deleted until cleaning up the task.

The product is successfully created with no errors when the following filter is added to the role:

Resource	Permissions	
Subscription	view_subscriptions

Version-Release number of selected component (if applicable):

Red Hat satellite 6.4.4-2


How reproducible:

100%

Steps to Reproduce:

1.Create a role ROLE1 with the following filters :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products


2. Create a new user and assign ROLE1 to it.

3.Login using the new user and try to create a new product.


Actual results:

The product is created but with the following error and the task becomes on paused state.

An error occurred while saving the Product: 0 Task XXXXX: NoMethodError: undefined method `[]' for nil:NilClass

Expected results:
If a subscription permission is needed , the product creation task can not be started or exit with clear error.

Additional info:

The product is successfully created with no errors when the following filter is added to the role:

Resource	Permissions	
Subscription	view_subscriptions

Comment 3 Partha Aji 2019-12-03 19:42:00 UTC
Connecting redmine issue https://projects.theforeman.org/issues/28413 from this bug

Comment 4 Bryan Kearney 2019-12-03 21:04:27 UTC
Upstream bug assigned to paji@redhat.com

Comment 5 Bryan Kearney 2019-12-03 21:04:29 UTC
Upstream bug assigned to paji@redhat.com

Comment 6 Bryan Kearney 2019-12-10 19:03:49 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/28413 has been resolved.

Comment 8 Lai 2020-01-07 19:38:26 UTC
Steps to Test:

1.Create a role ROLE1 with the following filters :

Resource			Permissions			Search	
	
Product and Repositories	export_products, 		N/A
				sync_products, 
				destroy_products, 
				edit_products, 
				create_products,
				view_products


2. Create a new user and assign ROLE1 to it.

3. Login using the new user and try to create a new product.


Actual results:
Product is successfully created.  Checked the tasks and it shows that the product was successfully created.

Expected results:
Product is successfully created.  Checked the tasks and it shows that the product was successfully created.

Tested on 6.7.0_07

Marking issue as verified.

Comment 11 errata-xmlrpc 2020-04-14 13:27:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454


Note You need to log in before you can comment on or make changes to this bug.