Red Hat Bugzilla – Bug 612710
Unable to reserve a system with group acls: if the system is currently taken by another
Last modified: 2015-05-03 23:32:08 EDT
Description of problem: I am unable to reserve a system thru Beaker if: [a] The system is currently taken by another user. [b] The system has group acls. [c] I am a member of one of the groups with permissions on the system. How reproducible: Steps to Reproduce: 1. Chose a system that has group acls and is currently taken by another user. 2. You must be a member of one of the groups with system permissions. 3. Try a reserve workflow thru Beaker. 4. On the reserve page choose "Show Systems". Actual results: The system that you are trying to reserve will not show up in the selection window. Thus, you are unable to queue the reservation. Expected results: As I have permissions to the system, the system should appear in the selection window allowing me to queue the reservation. -pbunyan
Done http://git.fedorahosted.org/git/?p=beaker.git;a=commit;h=e12857e5053f2e218b637681d29184a4439c238f
This is really broken now. It looks like this removed the need for users to be in the systems group. Ray, can you explain how the case statement is supposed to work? I think we will need to revert this change if it can't be solved quickly.
Here is my patch. diff --git a/Server/bkr/server/model.py b/Server/bkr/server/model.py index 048690e..7a52ae7 100644 --- a/Server/bkr/server/model.py +++ b/Server/bkr/server/model.py @@ -1511,17 +1511,21 @@ $SNIPPET("rhts_post") If a system is loaned then its only available for that person. """ if systems: - query = systems + try: + query = systems.outerjoin(['groups','users'], aliased=True) + except AttributeError, (e): + log.error('A non Query object has been passed into the all method, using default quer + query = cls.query().outerjoin(['groups','users'], aliased=True) else: query = System.all(user) query = query.filter(and_( System.status==SystemStatus.by_name(u'Working'), - case([(System.groups == None,1),(System.groups.any(User.groups.any(Us or_(and_(System.owner==user, System.loaned==None), System.loaned==user, and_(System.shared==True, + System.groups==None, System.loaned==None ), and_(System.shared==True,
0.5.52-3 release
The case statement said (Systm.groups == None,1) "If the System has no group, then they can reserve it" (System.groups.any(User.groups.any(User.user_id == user.user_id)),1) "If there are any groups of the system that are also groups of the current user, then they can reserve it" else_=0 If neither of the above two don't pass then they can't reserve it. then OK, If the System has any groups that the user is a part of
Can you show me what test case you used? I ran it against a reserve_workflow and System->Available, I didn't get back any systems that were in groups.
Oh I see the patch is already on....nm