Bug 612710 - Unable to reserve a system with group acls: if the system is currently taken by another
Summary: Unable to reserve a system with group acls: if the system is currently taken ...
Alias: None
Product: Beaker
Classification: Community
Component: lab controller   
(Show other bugs)
Version: 0.5
Hardware: All
OS: Linux
medium vote
Target Milestone: 0.5.52
Assignee: Raymond Mancy
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2010-07-08 20:23 UTC by PaulB
Modified: 2015-05-04 03:32 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-08-05 19:31:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description PaulB 2010-07-08 20:23:04 UTC
Description of problem:
I am unable to reserve a system thru Beaker if:
[a] The system is currently taken by another user.
[b] The system has group acls.
[c] I am a member of one of the groups with permissions on the system.

How reproducible:
Steps to Reproduce:
1. Chose a system that has group acls and is currently taken by another user.
2. You must be a member of one of the groups with system permissions.
3. Try a reserve workflow thru Beaker.
4. On the reserve page choose "Show Systems".

Actual results:
The system that you are trying to reserve will not show up in the selection window. Thus, you are unable to queue the reservation.

Expected results:
As I have permissions to the system, the system should appear in the selection window allowing me to queue the reservation.


Comment 2 Bill Peck 2010-08-05 14:08:07 UTC
This is really broken now.  

It looks like this removed the need for users to be in the systems group. 

Ray, can you explain how the case statement is supposed to work?

I think we will need to revert this change if it can't be solved quickly.

Comment 3 Bill Peck 2010-08-05 15:21:02 UTC
Here is my patch.

diff --git a/Server/bkr/server/model.py b/Server/bkr/server/model.py
index 048690e..7a52ae7 100644
--- a/Server/bkr/server/model.py
+++ b/Server/bkr/server/model.py
@@ -1511,17 +1511,21 @@ $SNIPPET("rhts_post")
           If a system is loaned then its only available for that person.
         if systems:
-            query = systems
+            try:
+                query = systems.outerjoin(['groups','users'], aliased=True)
+            except AttributeError, (e):
+                log.error('A non Query object has been passed into the all method, using default quer
+                query = cls.query().outerjoin(['groups','users'], aliased=True)
             query = System.all(user)
         query = query.filter(and_(
-                                case([(System.groups == None,1),(System.groups.any(User.groups.any(Us
+                                             System.groups==None,

Comment 4 Bill Peck 2010-08-05 19:31:58 UTC
0.5.52-3 release

Comment 5 Raymond Mancy 2010-08-05 23:31:55 UTC
The case statement said 

(Systm.groups == None,1)
"If the System has no group, then they can reserve it"

(System.groups.any(User.groups.any(User.user_id == user.user_id)),1)
"If there are any groups of the system that are also groups of the current user, then they can reserve it"

If neither of the above two don't pass then they can't reserve it.

 then OK, If the System has any groups that the user is a part of

Comment 6 Raymond Mancy 2010-08-05 23:38:39 UTC
Can you show me what test case you used?

I ran it against a reserve_workflow and System->Available, I didn't get back any systems that were in groups.

Comment 7 Raymond Mancy 2010-08-05 23:41:07 UTC
Oh I see the patch is already on....nm

Note You need to log in before you can comment on or make changes to this bug.