Bug 2105915 - Allow specific permissions to be excluded from being added to default roles
Summary: Allow specific permissions to be excluded from being added to default roles
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Provisioning
Version: 6.8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: 6.12.0
Assignee: Adam Ruzicka
QA Contact: sganar
Depends On:
Reported: 2022-07-11 07:41 UTC by Leos Stejskal
Modified: 2022-07-11 13:14 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-07-11 13:14:31 UTC
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 34329 | 0 | Normal | Closed | Allow specific permissions to be excluded from being added to default roles | 2022-07-11 07:41:11 UTC
Red Hat Bugzilla | 2104339 | 0 | high | CLOSED | Failed to upgrade: ERF73-0602 [Foreman::PermissionMissingException]: some permissions were not found: ["view_puppetclass... | 2023-09-12 08:41:16 UTC

Description Leos Stejskal 2022-07-11 07:41:09 UTC
If I understood the permission-related helpers in app/registries/plugin.rb, we have a couple of options:

1) add_permissions_to_default_roles - Here I'd need to list ALL the permissions except the one I don't want included. Also one needs to separate the different permissions for viewer/manager by hand. Apart from it being ugly, I couldn't manage to get it working at all. All attempts failed with
foreman/app/models/role.rb:336:in `permission_records': ERF73-0602 [Foreman::PermissionMissingException]: »some permissions were not found: []« (Foreman::PermissionMissingException)

2) add_resource_permissions_to_default_roles - Here I'd need to list all the resources and according to the comment above the method I should be able to pass an array of permissions to be excluded. Sounds good, doesn't work. Interestingly enough, all attempts failed with the same error as option 1.

Here I propose to add a keyword argument "except" to add_all_permissions_to_default_roles, which would prevent listed permissions from being added to the default roles. It is more in line with the idea of "add all permissions except for the selected few" rather than "to exclude this permission, I need to explicitly state all that should be included".
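
A standalone Ruby model of the "add all permissions except for the selected few" semantics proposed above, added here as an illustration; it is not Foreman's code and not from the reporter. The class name, the sample permission names, and the rule that the Viewer role receives only view_-prefixed permissions are assumptions.

```ruby
# Standalone model of the proposal; NOT Foreman's app/registries/plugin.rb.
# Role names, permission names and the view_ prefix rule are assumptions.
require 'set'

class UnknownPermissionError < StandardError; end

class PluginPermissionModel
  def initialize(permission_names)
    @permissions = permission_names.map(&:to_s).freeze
  end

  # Returns { role => sorted permission names } for the default roles.
  # Manager gets everything not excluded; Viewer gets only view_* of those.
  def default_role_grants(except: [])
    excluded = except.map(&:to_s).to_set
    unknown = excluded - @permissions
    # Fail closed: a misspelled exclusion would otherwise silently grant
    # the very permission it was meant to withhold.
    unless unknown.empty?
      raise UnknownPermissionError,
            "unknown permissions in except: #{unknown.to_a.sort.inspect}"
    end

    granted = @permissions.reject { |name| excluded.include?(name) }.sort
    {
      'Manager' => granted,
      'Viewer'  => granted.select { |name| name.start_with?('view_') }
    }
  end
end

# Constructed sample permissions for a hypothetical plugin.
SAMPLE_PERMISSIONS = %i[
  view_widgets create_widgets destroy_widgets view_widget_secrets
].freeze

MODEL = PluginPermissionModel.new(SAMPLE_PERMISSIONS)
GRANTS = MODEL.default_role_grants(except: %i[view_widget_secrets destroy_widgets])
GRANTS.each { |role, perms| puts "#{role}: #{perms.join(', ')}" }
```
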

Comment 1 Leos Stejskal 2022-07-11 07:41:14 UTC
Created from redmine issue https://projects.theforeman.org/issues/34329

Comment 2 Leos Stejskal 2022-07-11 07:41:15 UTC
Upstream bug assigned to aruzicka

Comment 3 Bryan Kearney 2022-07-11 08:04:53 UTC
Upstream bug assigned to aruzicka

Comment 4 Bryan Kearney 2022-07-11 08:04:54 UTC
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/34329 has been resolved.

Comment 5 Leos Stejskal 2022-07-11 13:14:31 UTC
Closing the BZ,
we decided to not cherry-pick it to 6.11
