Bug 698767 - User cannot sync his own public repo
Summary: User cannot sync his own public repo
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: RHQ Project
Classification: Other
Component: Content
Version: 4.0.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified vote
Target Milestone: ---
: ---
Assignee: RHQ Project Maintainer
QA Contact: Corey Welton
URL:
Whiteboard:
Depends On:
Blocks: rhq4 jon3-content
TreeView+ depends on / blocked
 
Reported: 2011-04-21 17:52 UTC by Corey Welton
Modified: 2011-05-24 01:14 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Corey Welton 2011-04-21 17:52:26 UTC
Description of problem:
When a public repo is created for a user, it shows up in his repo view and he has a sync button. However, he gets a permission error when trying to sync

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Create user 'joeuser'
2.  As rhqadmin, create a repo, "joeuser's public repo"; assure it is public and owned by joeuser
3.  Login as joeuser
4.  Go to repos view and note the existence of "joeuser's public repo".
5.  Select the repo and attempt to sync it.
  
Actual results:

Failed to delete repositories. Cause: org.rhq.enterprise.server.authz.PermissionException:Subject [joeuser] is not authorized for [MANAGE_REPOSITORIES]: invocation: method=public int org.rhq.enterprise.server.content.RepoManagerBean.synchronizeRepos(org.rhq.core.domain.auth.Subject,int[]) throws java.lang.Exception,context-data={}

Expected results:
Either user should be able to sync, or user should not see the sync button...

Additional info:

Comment 1 Corey Welton 2011-04-21 17:54:31 UTC
Note that the other part of this does work correctly - if "bobuser" goes to repo view, he can see joeuser's public repo but has no sync button.

Comment 2 Charles Crouch 2011-04-22 13:39:27 UTC
Lukas, any impact on the scripts from alerts work?

Comment 3 Lukas Krejci 2011-04-25 08:00:23 UTC
This is a UI omission.

joeuser shouldn't have the sync button available to him unless he has the repo manager permission.

The repos for "ordinary" users are intended for uploading stuff.

Only repository managers can configure repos that get their contents pulled from content sources.

So in other words, there is no impact on the alerts work - this is just a UI bug.

Comment 4 Lukas Krejci 2011-04-25 16:04:45 UTC
commit 3a7c9f5b22134a353e4d7fd6f5cb7a89d26d3b25
Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Mon Apr 25 18:03:33 2011 +0200

    BZ 698767 - only show the sync button in the repo list page if the user is a repo manager.

Comment 5 Mike Foley 2011-04-28 19:20:38 UTC
Documenting the verification as follows:

1) successful sync'ing of repo by rhqadmin

Thu Apr 28 15:19:08 EDT 2011: Start synchronization of Repository [test]
Thu Apr 28 15:19:08 EDT 2011: Getting currently known list of content source packages...

Thu Apr 28 15:19:08 EDT 2011: Repository [test] completed syncing with no errors.


2) no sync button for user who is not a repo manager.

Comment 6 Corey Welton 2011-05-24 01:14:24 UTC
Bookkeeping - closing bug - fixed in recent release.

Comment 7 Corey Welton 2011-05-24 01:14:25 UTC
Bookkeeping - closing bug - fixed in recent release.

Comment 8 Corey Welton 2011-05-24 01:14:25 UTC
Bookkeeping - closing bug - fixed in recent release.


Note You need to log in before you can comment on or make changes to this bug.