Bug 439831 - Can't subscribe system to custom channel if base channel is non-globally subscribable
Summary: Can't subscribe system to custom channel if base channel is non-globally subs...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 510
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Justin Sherrill
QA Contact: John Matthews
URL:
Whiteboard:
Depends On:
Blocks: 456985
TreeView+ depends on / blocked
 
Reported: 2008-03-31 16:46 UTC by Justin Sherrill
Modified: 2009-09-10 20:24 UTC (History)
2 users (show)

Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-10 20:24:35 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Justin Sherrill 2008-03-31 16:46:25 UTC 
If the RH base channel for a system is set to be non-globally subscribable, then
a regular user who does not have permissions to that channel cannot subscribe a
system (that would normally be associated with that RH Base channel) to a custom
channel.

Steps to reproduce:

1.  Clone the RHEL4 AS i386 channel.
2.  Set the RHEL4 AS i386 channel to be non-globally subscribable (don't give
permissions to anyone)
3.  Register a RHEL 4 AS i386 system making sure that a regular user has access
to the server
4.  Log in as the regular user (that does not have subscribe access to the RH
base channel, but does to the clone)
5.  Try to go to the "Alter channels  page" in the SDC for the registered system

Expected results:
can reach that page, and can change system to custom base channel.

Actual results:
Channel not found permissions page


It does not matter if the system is registered to the clone or the RH base
channel, the basic user cannot reach that page because the RH Base channel
*WOULD* appear on it if the user had access.

Because it would appear there, it seems a permissions check is occuring.
Comment 2 Justin Sherrill 2009-02-18 20:11:07 UTC 
commit	2f4f2d93854a3fe935de1ada3b6e9b0d8f04db8c

tree	b34df735c1e20ea8f59c5a6e1805edaa8ef93e87	tree | snapshot

parent	f16bad7cd1d3d5790b49f3eab252724fdfc2a675	commit | diff


Problem was in SSM as well.  Fixed there.
Comment 4 John Sefler 2009-08-31 14:39:09 UTC 
Verified on staged (Satellite-5.3.0-RHEL5-re20090724.0) with updates from Aug 20, 2009

When the regular user attempts to "Alter Channel Subscriptions" on a system whose base channel has been set to "Only selected users within your organization may subscribe to this channel.", the available base channels offered to the user are only those that the user has access to.  The system's current base channel is not presented as a selectable base channel.  This is the expected behaviour since the user has not been granted as a subscriber of the channel.  Without altering the base channel, if the regular user clicks on the base channel in the system's Details > Overview page, the user is presented a page that says:

We're sorry, but the channel could not be found.

This error may have occurred in one of three ways:

   1. The channel requested does not exist. This is most likely if you arrived at this page through bookmarks or some other non-hyperlink.
   2. You do not have permission to view this channel.
   3. You've found an error in our site.


This is the correct and expected behaviour.

moving to RELEASE_PENDING
Comment 5 Brandon Perkins 2009-09-10 20:24:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html
Note You need to log in before you can comment on or make changes to this bug.