Bug 612710 - Unable to reserve a system with group acls: if the system is currently taken by another
Unable to reserve a system with group acls: if the system is currently taken ...
Status: CLOSED CURRENTRELEASE
Product: Beaker
Classification: Community
Component: lab controller (Show other bugs)
0.5
All Linux
low Severity medium (vote)
: 0.5.52
: ---
Assigned To: Raymond Mancy
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-08 16:23 EDT by PaulB
Modified: 2015-05-03 23:32 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-05 15:31:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description PaulB 2010-07-08 16:23:04 EDT
Description of problem:
I am unable to reserve a system thru Beaker if:
[a] The system is currently taken by another user.
[b] The system has group acls.
[c] I am a member of one of the groups with permissions on the system.

How reproducible:
Steps to Reproduce:
1. Chose a system that has group acls and is currently taken by another user.
2. You must be a member of one of the groups with system permissions.
3. Try a reserve workflow thru Beaker.
4. On the reserve page choose "Show Systems".

Actual results:
The system that you are trying to reserve will not show up in the selection window. Thus, you are unable to queue the reservation.

Expected results:
As I have permissions to the system, the system should appear in the selection window allowing me to queue the reservation.

-pbunyan
Comment 2 Bill Peck 2010-08-05 10:08:07 EDT
This is really broken now.  

It looks like this removed the need for users to be in the systems group. 

Ray, can you explain how the case statement is supposed to work?

I think we will need to revert this change if it can't be solved quickly.
Comment 3 Bill Peck 2010-08-05 11:21:02 EDT
Here is my patch.

diff --git a/Server/bkr/server/model.py b/Server/bkr/server/model.py
index 048690e..7a52ae7 100644
--- a/Server/bkr/server/model.py
+++ b/Server/bkr/server/model.py
@@ -1511,17 +1511,21 @@ $SNIPPET("rhts_post")
           If a system is loaned then its only available for that person.
         """
         if systems:
-            query = systems
+            try:
+                query = systems.outerjoin(['groups','users'], aliased=True)
+            except AttributeError, (e):
+                log.error('A non Query object has been passed into the all method, using default quer
+                query = cls.query().outerjoin(['groups','users'], aliased=True)
         else:
             query = System.all(user)
        
         query = query.filter(and_(
                                 System.status==SystemStatus.by_name(u'Working'),
-                                case([(System.groups == None,1),(System.groups.any(User.groups.any(Us
                                     or_(and_(System.owner==user,
                                              System.loaned==None), 
                                         System.loaned==user,
                                         and_(System.shared==True, 
+                                             System.groups==None,
                                              System.loaned==None
                                         ),
                                         and_(System.shared==True,
Comment 4 Bill Peck 2010-08-05 15:31:58 EDT
0.5.52-3 release
Comment 5 Raymond Mancy 2010-08-05 19:31:55 EDT
The case statement said 

(Systm.groups == None,1)
"If the System has no group, then they can reserve it"

(System.groups.any(User.groups.any(User.user_id == user.user_id)),1)
"If there are any groups of the system that are also groups of the current user, then they can reserve it"

else_=0
If neither of the above two don't pass then they can't reserve it.

 then OK, If the System has any groups that the user is a part of
Comment 6 Raymond Mancy 2010-08-05 19:38:39 EDT
Can you show me what test case you used?

I ran it against a reserve_workflow and System->Available, I didn't get back any systems that were in groups.
Comment 7 Raymond Mancy 2010-08-05 19:41:07 EDT
Oh I see the patch is already on....nm

Note You need to log in before you can comment on or make changes to this bug.