Description of problem: If you grant a user the "register system" permission, and he only knows the *name* of the environment he wishes to register to, he cannot register. The API to look up the ID of the environment is off-limits. Version-Release number of selected component (if applicable): katello-0.1.115-1.git.4.fc070ec.el6.x86_64 How reproducible: Steps to Reproduce: 1. Create a role with perm Global/Organizations/Register System only, and assign a user to only this role 2. Try to register with RHSM (or at a lower level, try to look up the ID of the environment via the API) 3. Actual results: cannot register Expected results: register succeeds Additional info: [root@katello-test-rhel6-1 ca]# subscription-manager register --username user-perm-1322498127482 --password password --org ACME_Corporation --env Development User user-perm-1322498127482 is not allowed to access api/environments/index Started GET "/katello//api/organizations/ACME_Corporation/environments?name=Development" for 10.16.120.31 at Mon Nov 28 11:35:45 -0500 2011 Processing by Api::EnvironmentsController#index as JSON Parameters: {"name"=>"Development", "organization_id"=>"ACME_Corporation"} Errors::SecurityViolation: User user-perm-1322498127482 is not allowed to access api/environments/index /usr/share/katello/lib/authorization_rules.rb:31:in `authorize' /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:448:in `_run__856191886__process_action__199225275__callbacks' /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:221:in `_conditional_callback_around_2122' /usr/share/katello/lib/util/threadsession.rb:79:in `thread_locals' /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:220:in `_conditional_callback_around_2122' /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:441:in `_run__856191886__process_action__199225275__callbacks' /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:410:in `send'
[root@ofed ~]# subscription-manager register --username register_system --password register_system --org ACME_Corporation --env env The system has been registered with id: 3b384ad5-1ff2-4aac-8fbd-663d006f353d [root@ofed ~]# rpm -q katello katello-0.1.187-1.git.1.2d46557.el6.noarch 2d46557 757775 - allowing rhsm to register systems
Blocked, cannot test
Oops wrong bug, ignore last comment
QA Verified, now able to register a system via RHSM using an account which has only "Register System" permissions.