Bug 510122 - Cloned errata from a non sharing ORG is showing up in errata search results
Cloned errata from a non sharing ORG is showing up in errata search results
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: John Matthews
John Sefler
Depends On:
Blocks: 457073
  Show dependency treegraph
Reported: 2009-07-07 14:46 EDT by John Sefler
Modified: 2010-07-29 12:36 EDT (History)
3 users (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-10 15:32:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
ss2 (138.71 KB, image/png)
2009-07-07 14:46 EDT, John Sefler
no flags Details

  None (edit)
Description John Sefler 2009-07-07 14:46:02 EDT
Description of problem:

7/3 build selinux rhel 5

1. created cloned errata
2. wait for search index to capture cloned errata
3. delete clone errata
4. rebuild search index /etc/init.d/rhn-search cleanindex
or wait for indext to rebuild

Expected Results
at this point a errata search should *not* return results w/ the cloned errata.

Actual Results:
cloned errata are returned in results, when the should not be.. because they have been deleted.

Comment 1 John Sefler 2009-07-07 14:46:58 EDT
Created attachment 350846 [details]
Comment 2 John Matthews 2009-07-09 14:20:24 EDT
Turns out the issue here is that cloned errata from a different ORG are showing up in errata search results, then clicking on the result brings up an error page since the errata is not accessible to this org.
Comment 3 John Matthews 2009-07-09 14:30:40 EDT
This is the commit in master which fixes the problem.


The fix is to leverage rhnAvailableChannels in the DB query to filter returned errata to only those that are accessible by the logged in user's org.


-    <query name="PublishedErrata.searchById">

-        <![CDATA[select distinct e.id, e.advisory, e.advisoryName, e.advisoryType, e.synopsis, e.updateDate, e.issueDate

-                       from com.redhat.rhn.domain.errata.impl.PublishedErrata as e

+    <sql-query name="PublishedErrata.searchById">

+        <![CDATA[select distinct e.id, e.advisory, e.advisory_name as advisoryName,

+                    e.advisory_type as advisoryType, e.synopsis as advisorySynopsis,

+                    e.update_date as updateDate, e.issue_date as issueDate

+                from rhnErrata e, rhnChannelErrata CE

                 where e.id IN (:eids)

+                  and CE.errata_id = e.id

+                  and CE.channel_id IN(SELECT channel_id

+                           FROM rhnAvailableChannels

+                           WHERE org_id = :org_id)


-    </query>

+        <return-scalar column="id" type="long" />

+        <return-scalar column="advisory" type="string" />

+        <return-scalar column="advisoryName" type="string" />

+        <return-scalar column="advisoryType" type="string" />

+        <return-scalar column="advisorySynopsis" type="string" />

+        <return-scalar column="updateDate" type="timestamp" />

+        <return-scalar column="issueDate" type="timestamp" />

+    </sql-query>

1. Create a new ORG
2. Clone a Red Hat base channel
3. Allow time for the search index to be updated, or do a "/etc/init.d/rhn-search cleanindex"
4. Verify that when logged into the ORG with the cloned channel you are seeing some Errata of "CLA" in the advisory name
5. Login as a different ORG
6. Execute an errata search, looking for any CLA's.  Verify all CLAs are viewable, as in if you click it, it displays under errata details.

Prior to fix, you would see some CLAs which were for the other ORG, when clicking them the errata/details/Details page would display an error.
Comment 4 John Matthews 2009-07-09 15:18:29 EDT
This is the commit info for Vader

commit f83c19b8bb46935a605618353f3e733eea3fb0f5
Refs: vader, rhn-virtualization-5.3.0-1-158-gf83c19b
Author:     John Matthews <jmatthew@redhat.com>
AuthorDate: Thu Jul 9 14:15:45 2009 -0400
Commit:     John Matthews <jmatthew@redhat.com>
CommitDate: Thu Jul 9 15:11:42 2009 -0400

    510122 -  ErrataSearch now filters results so it won't display errata from a non-sharing Org
 .../redhat/rhn/domain/errata/ErrataFactory.java    |    4 ++-
 .../rhn/domain/errata/impl/PublishedErrata.hbm.xml |   21 ++++++++++++++++---
 .../frontend/action/errata/ErrataSearchAction.java |    8 ++++--
 .../redhat/rhn/manager/errata/ErrataManager.java   |    5 ++-
 .../rhn/manager/errata/test/ErrataManagerTest.java |   17 ++++++++++-----
 5 files changed, 39 insertions(+), 16 deletions(-)
Comment 5 Brad Buckingham 2009-07-10 17:44:00 EDT
verified on Satellite-5.3.0-RHEL5-re20090709.0-i386-embedded-oracle.iso

scenario 1:

1. created cloned errata in org1 and publish it to a channel
2. rebuild search index to index cloned errata
3. performed Advanced Errata Search to locate the cloned errata - errata found
4. delete clone errata
5. performed Advanced Errata Search to locate the cloned errata - errata not found

since the comment in #2 mentions that this was an issue with errata that was in a different org, also ran scenario 2:

1. created cloned errata in org2 and publish it to a channel
2. rebuild search index to index cloned errata
3. performed Advanced Errata Search in org2 to locate the cloned errata - errata found and errata url is valid
4. performed Advanced Errata Search in org1 to locate the cloned errata - errata not found
Comment 6 Petr Sklenar 2009-08-21 07:48:53 EDT
verified again on Satellite-5.3.0-RHEL4-re20090730.0
testing procedure:
1. create my_channel and errata in my_channel
2. clone my_channel (clone_of_mychannel=public channel)
3. clone errata into clone_of_mychannel, published into clone_of_mychannel

1. ORG1 is in trust with clone_of_mychannel
2. see that errata is listed in advanced search or in channel > errata, links works
3. delete clonned errata in clonned_of_mychannel in ORG1
4. ORG2 cannot see that errata

switching release_pending
Comment 7 Brandon Perkins 2009-09-10 15:32:53 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.