Bug 736141 - Systems Registration perms need to be reworked
Summary: Systems Registration perms need to be reworked
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Infrastructure
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Garik Khachikyan
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
TreeView+ depends on / blocked
 
Reported: 2011-09-06 19:26 UTC by Partha Aji
Modified: 2015-01-04 21:58 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 17:55:49 UTC


Attachments (Terms of Use)

Description Partha Aji 2011-09-06 19:26:54 UTC
Description of problem:

At the present time create_systems permissions (which is given to those wanting to register a system to an environment or an org) automatically gives CRUD permissions for all the systems in Environment/Organizations. To manage systems better we need a more fine grained control.

Proposal

1) Change :create_systems verb in environment and org resources to :register_systems . Update the verbs in those models to reflect this.
2) Remove the permission cascade logic in environment/org and systems models

Comment 1 Lukas Zapletal 2011-09-07 15:20:25 UTC
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys.

1634bdc 736384 - workaround for perm. denied for rhsm registration

This should be removed when we refactor permissions for system activations.

Comment 2 Lukas Zapletal 2011-09-08 16:46:59 UTC
Ok. After some dicsussion it turns out the best way is to remove create method, remove it from api controllers and create register method instead.

Comment 3 Bryan Kearney 2011-09-08 22:15:26 UTC
I will assume the current API for subscription manager remains uneffected.

Comment 4 Lukas Zapletal 2011-09-13 15:19:29 UTC
Pushed.

eebb966 736141 - Systems Registration perms need to be reworked

@Parta - could you review my change please?

@Bryan - yes no change in the RHSM API.

Comment 5 Lukas Zapletal 2011-09-15 10:24:05 UTC
And rhsm is also now covered with nice system testing:

089efb4 737563 - adding more rhsm system testing

Comment 6 Lukas Zapletal 2011-09-16 12:13:57 UTC
@Partha - no objections ;-) Putting ON_QA.


Note You need to log in before you can comment on or make changes to this bug.