Description of problem: At the present time create_systems permissions (which is given to those wanting to register a system to an environment or an org) automatically gives CRUD permissions for all the systems in Environment/Organizations. To manage systems better we need a more fine grained control. Proposal 1) Change :create_systems verb in environment and org resources to :register_systems . Update the verbs in those models to reflect this. 2) Remove the permission cascade logic in environment/org and systems models
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys. 1634bdc 736384 - workaround for perm. denied for rhsm registration This should be removed when we refactor permissions for system activations.
Ok. After some dicsussion it turns out the best way is to remove create method, remove it from api controllers and create register method instead.
I will assume the current API for subscription manager remains uneffected.
Pushed. eebb966 736141 - Systems Registration perms need to be reworked @Parta - could you review my change please? @Bryan - yes no change in the RHSM API.
And rhsm is also now covered with nice system testing: 089efb4 737563 - adding more rhsm system testing
@Partha - no objections ;-) Putting ON_QA.