Bug 788008 - SecurityViolation error while accessing system Errata/status
Summary: SecurityViolation error while accessing system Errata/status
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: WebUI
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: Unspecified
Assignee: Tom McKay
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-02-07 08:24 UTC by Sachin Ghai
Modified: 2019-09-26 13:30 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 18:25:18 UTC
Target Upstream Version:


Attachments
Clicking on drop down list box raised security violation error (44.89 KB, image/png)
2012-02-07 08:27 UTC, Sachin Ghai
Complete error log from production.log (7.54 KB, application/octet-stream)
2012-02-07 08:28 UTC, Sachin Ghai

Description Sachin Ghai 2012-02-07 08:24:57 UTC
Description of problem:

While selecting the dropdown listing of errata displayed under the system tab, I got the following error in production.log
----
Started GET "/katello/systems/1/errata/status?_=1328599005455" for 10.65.193.48 at Tue Feb 07 07:21:22 -0500 2012
  Processing by SystemErrataController#status as JSON
  Parameters: {"system_id"=>"1", "_"=>"1328599005455"}
User reader is not allowed to access system_errata/status
User reader is not allowed to access system_errata/status
#<Errors::SecurityViolation: User reader is not allowed to access system_errata/status>
/usr/share/katello/lib/authorization_rules.rb:31:in `authorize'
----

Version-Release number of selected component (if applicable):
katello-0.1.211-2.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. Register a system using admin user
2. Create a read only user 'reader' with 'Read Everything' role
3. login with reader
4. Under systems tab ==> select system ==> on right pane, select 'Errata'
5. Click on drop down list box
  
Actual results:
#<Errors::SecurityViolation: User reader is not allowed to access system_errata/status>

Expected results:
No backtrace should be there in production.log; instead, the UI should raise a
permission denied message if the read-only user is not allowed to access system errata.


Additional info:

Comment 1 Sachin Ghai 2012-02-07 08:27:20 UTC
Created attachment 559868 [details]
Clicking on drop down list box raised security violation error

Comment 2 Sachin Ghai 2012-02-07 08:28:11 UTC
Created attachment 559869 [details]
Complete error log from production.log

Comment 4 Tom McKay 2012-03-01 21:24:56 UTC
Tested and unable to reproduce.

Please re-test in version being built today.

Comment 5 Sachin Ghai 2012-03-06 06:34:26 UTC
It is still reproducible.

---
[ERROR: 2012-03-06 11:55:15 #27366] User reader is not allowed to access system_errata/status
[ERROR: 2012-03-06 11:55:15 #27366] User reader is not allowed to access system_errata/status
[ERROR: 2012-03-06 11:55:15 #27366] #<Errors::SecurityViolation: User reader is not allowed to access system_errata/status>
[ERROR: 2012-03-06 11:55:15 #27366] /usr/share/katello/lib/authorization_rules.rb:31:in `authorize'
[ERROR: 2012-03-06 11:55:15 #27366] /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:458:in `_run__625565855__process_action__1696389161__callbacks'
[ERROR: 2012-03-06 11:55:15 #27366] /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:221:in `_conditional_callback_around_2775'
[ERROR: 2012-03-06 11:55:15 #27366] /usr/share/katello/lib/util/threadsession.rb:79:in `thread_locals'
[ERROR: 2012-03-06 11:55:15 #27366] /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:220:in `_conditional_callback_around_2775'
[ERROR: 2012-03-06 11:55:15 #27366] /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:451:in `_run__625565855__process_action__1696389161__callbacks'
[
---

I tested this today with following builds:

[root@perceptor ~]# rpm -qa | grep -ie pulp-1 -ie katello-0
pulp-1.0.0-2.el6.noarch
katello-0.2.5-1.el6.noarch


Steps to reproduce:

1. Login with admin user
2. Register a system using rhsm
3. Create a read only user reader and assign 'Read Everything' role
4. Login with 'reader'
5. Go to systems tab ==> select the system ==> errata
6. check production.log

Comment 6 Tom McKay 2012-03-06 14:33:27 UTC
Confirmed. I missed the message in the log since the UI behaves normally.

Comment 7 Tom McKay 2012-03-06 15:35:24 UTC
commit 570877cfd57721f946d0504bd1c6aa57d2ab47d5
Author: Tom McKay <thomasmckay>
Date:   Tue Mar 6 10:34:21 2012 -0500

    788008 - do not attempt to poll errata status when user does not have edit permission
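
The pattern behind this fix, as an added illustration that is not Katello's code: the UI should emit the errata-status polling URL only when the user holds edit permission, and the server-side check should still enforce the rule but answer with a clean 403 instead of a logged backtrace. All names (ROLE_PERMISSIONS, User, allowed?, status_endpoint) and the permission table are hypothetical, constructed for this example.

```ruby
# Added example, not Katello's implementation. Constructed role table:
# role name => list of [resource, verb] pairs the role is granted.
ROLE_PERMISSIONS = {
  "admin"  => [["system_errata", "read"], ["system_errata", "edit"]],
  "reader" => [["system_errata", "read"]],   # 'Read Everything' style role
}.freeze

User = Struct.new(:name, :role)

def allowed?(user, resource, verb)
  ROLE_PERMISSIONS.fetch(user.role, []).include?([resource, verb])
end

# Before the fix: the page always handed the browser a polling URL, so the
# read-only user's browser called /systems/:id/errata/status and the server
# authorize step raised SecurityViolation, which surfaced as a backtrace in
# production.log even though the UI itself looked normal.
def errata_poll_url_before_fix(_user, system_id)
  "/katello/systems/#{system_id}/errata/status"
end

# After the fix (what the commit message describes): only emit the polling
# URL when the user may edit system errata; read-only users simply do not poll.
def errata_poll_url_after_fix(user, system_id)
  return nil unless allowed?(user, "system_errata", "edit")
  "/katello/systems/#{system_id}/errata/status"
end

# Server side: the client-side gate is a UX measure, not the security boundary.
# The endpoint still checks the permission, but returns a 403 with a JSON body
# rather than letting the exception propagate into the log. Returns
# [http_status, body_hash] so the caller (or a test) can inspect the result.
def status_endpoint(user, system_id)
  unless allowed?(user, "system_errata", "edit")
    return [403, { "error" => "User #{user.name} is not allowed to access system_errata/status" }]
  end
  [200, { "system_id" => system_id, "status" => "up to date" }]   # constructed payload
end
```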

Comment 10 Corey Welton 2012-03-07 21:35:35 UTC
Verified in brew build fixed in compose 0.1.303-1.el6

