Bug 698767 - User cannot sync his own public repo
User cannot sync his own public repo
Product: RHQ Project
Classification: Other
Component: Content (Show other bugs)
Unspecified Unspecified
medium Severity unspecified (vote)
: ---
: ---
Assigned To: RHQ Project Maintainer
Corey Welton
Depends On:
Blocks: rhq4 jon3-content
  Show dependency treegraph
Reported: 2011-04-21 13:52 EDT by Corey Welton
Modified: 2011-05-23 21:14 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2011-04-21 13:52:26 EDT
Description of problem:
When a public repo is created for a user, it shows up in his repo view and he has a sync button. However, he gets a permission error when trying to sync

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Create user 'joeuser'
2.  As rhqadmin, create a repo, "joeuser's public repo"; assure it is public and owned by joeuser
3.  Login as joeuser
4.  Go to repos view and note the existence of "joeuser's public repo".
5.  Select the repo and attempt to sync it.
Actual results:

Failed to delete repositories. Cause: org.rhq.enterprise.server.authz.PermissionException:Subject [joeuser] is not authorized for [MANAGE_REPOSITORIES]: invocation: method=public int org.rhq.enterprise.server.content.RepoManagerBean.synchronizeRepos(org.rhq.core.domain.auth.Subject,int[]) throws java.lang.Exception,context-data={}

Expected results:
Either user should be able to sync, or user should not see the sync button...

Additional info:
Comment 1 Corey Welton 2011-04-21 13:54:31 EDT
Note that the other part of this does work correctly - if "bobuser" goes to repo view, he can see joeuser's public repo but has no sync button.
Comment 2 Charles Crouch 2011-04-22 09:39:27 EDT
Lukas, any impact on the scripts from alerts work?
Comment 3 Lukas Krejci 2011-04-25 04:00:23 EDT
This is a UI omission.

joeuser shouldn't have the sync button available to him unless he has the repo manager permission.

The repos for "ordinary" users are intended for uploading stuff.

Only repository managers can configure repos that get their contents pulled from content sources.

So in other words, there is no impact on the alerts work - this is just a UI bug.
Comment 4 Lukas Krejci 2011-04-25 12:04:45 EDT
commit 3a7c9f5b22134a353e4d7fd6f5cb7a89d26d3b25
Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Mon Apr 25 18:03:33 2011 +0200

    BZ 698767 - only show the sync button in the repo list page if the user is a repo manager.
Comment 5 Mike Foley 2011-04-28 15:20:38 EDT
Documenting the verification as follows:

1) successful sync'ing of repo by rhqadmin

Thu Apr 28 15:19:08 EDT 2011: Start synchronization of Repository [test]
Thu Apr 28 15:19:08 EDT 2011: Getting currently known list of content source packages...

Thu Apr 28 15:19:08 EDT 2011: Repository [test] completed syncing with no errors.

2) no sync button for user who is not a repo manager.
Comment 6 Corey Welton 2011-05-23 21:14:24 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 7 Corey Welton 2011-05-23 21:14:25 EDT
Bookkeeping - closing bug - fixed in recent release.
Comment 8 Corey Welton 2011-05-23 21:14:25 EDT
Bookkeeping - closing bug - fixed in recent release.

Note You need to log in before you can comment on or make changes to this bug.