Bug 698756 - User with repo manager permissions cannot edit a private repo [created for someone else?]
User with repo manager permissions cannot edit a private repo [created for so...
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Content (Show other bugs)
4.0.0
Unspecified Unspecified
high Severity unspecified (vote)
: ---
: ---
Assigned To: Lukas Krejci
Corey Welton
:
Depends On:
Blocks: rhq4 jon3-content
  Show dependency treegraph
 
Reported: 2011-04-21 13:23 EDT by Corey Welton
Modified: 2011-05-23 21:17 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2011-04-21 13:23:33 EDT
Description of problem:
Even if a user has repo mgr permissions, if he sets up a private repo for another user, he gets a permission error trying to access it.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Create two users, "repomgr" and "joeuser".  Grant "repomgr" Repo Manager permissions.  Grant no rights to "joeuser"
2.  Login as repomgr and create a new repo, "private repo". Make this repo private and set the owner to "joeuser".
3.  Navigate back to the Repositories main view.
4. Click the "private repo" link.
  
Actual results:
PermissionException
Subject [repomgr] is not authorized for [MANAGE_INVENTORY]: invocation: method=public org.rhq.core.domain.util.PageList<org.rhq.core.domain.resource.Resource> org.rhq.enterprise.server.content.RepoManagerBean.findSubscribedResources(org.rhq.core.domain.auth.Subject,int,org.rhq.core.domain.util.PageControl),context-data={}

Expected results:
It would seem that anyone with repo mgr permissions should be able to see the repo, even if it is private?  Failing that, it shouldn't show up in the user's list.

Additional info:
Comment 1 Corey Welton 2011-04-21 13:27:34 EDT
Actually it appears that user repomgr cannot access any repo made private, even if it is owned by himself!
Comment 2 Corey Welton 2011-04-21 13:29:03 EDT
...or any repo, private or not.
Comment 3 Charles Crouch 2011-04-22 09:39:55 EDT
Lukas, any impact on the scripts from alerts work?
Comment 4 Charles Crouch 2011-04-25 11:43:16 EDT
(10:20:52 AM) ccrouch: lkrejci: any comments for https://bugzilla.redhat.com/show_bug.cgi?id=698756
(10:21:55 AM) lkrejci: ccrouch: i believe that has the same cause as https://bugzilla.redhat.com/show_bug.cgi?id=698760
(10:22:16 AM) lkrejci: and that's the fact that i borked the conversion from repo.xhtml to repo-plain.xhtml
(10:22:28 AM) lkrejci: it's a super easy fix, i will commit it shortly
Comment 5 Lukas Krejci 2011-04-25 11:57:42 EDT
commit 75d48dacc84f2d0020f93f6849367e267588b020
Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Mon Apr 25 17:55:08 2011 +0200

    BZ 698760, BZ 698756 - polishing the repo details page.
    Edit mode wasn't functioning due to missed out parameter definitions during conversion from repo.xhtml to repo-plain.xhtml.
    The "private" toggle in edit mode wasn't working due to usage of wrong UI bean (a copy&paste bug)
    The user with repo manager privs can view any repo now even if s/he isn't an inventory manager - wrong perm check used in the UI.
Comment 6 Mike Foley 2011-05-03 09:20:54 EDT
This is verified RHQ 4.0 released version, as follows:  followed the steps to reproduce documented above and observed the correct behavior.  the repomgr (with repo permissions) could view and edit the private repo owned by repouser.  the repo user (with no repo permissions) could view and edit the private repo owned by him.  another repo user, repouser2, with no permsissions  who did not own the private repo could not view the private repo.
Comment 7 Corey Welton 2011-05-23 21:17:34 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 8 Corey Welton 2011-05-23 21:17:35 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 9 Corey Welton 2011-05-23 21:17:35 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 10 Corey Welton 2011-05-23 21:17:36 EDT
Bookkeeping - closing bug - fixed in recent release.

Note You need to log in before you can comment on or make changes to this bug.