Bug 798803 - role info does not reflect working permissions (permissions query broken?)
role info does not reflect working permissions (permissions query broken?)
Status: CLOSED CURRENTRELEASE
Product: Pulp
Classification: Community
Component: user-experience (Show other bugs)
1.1.0
All All
unspecified Severity high
: ---
: Sprint 34
Assigned To: Jason Connor
Preethi Thomas
: Triaged
Depends On:
Blocks: 813913
  Show dependency treegraph
 
Reported: 2012-02-29 17:26 EST by scressi
Modified: 2014-03-30 21:39 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 813913 (view as bug list)
Environment:
Last Closed: 2012-05-25 10:16:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description scressi 2012-02-29 17:26:25 EST
Description of problem:

granted/revoked priveleges are not reflect on queried role views

Version-Release number of selected component (if applicable):

Current (1.0)

How reproducible:

very

Steps to Reproduce:
1. pulp-admin -u admin -p admin user create --user test --password test
2. pulp-admin -u admin -p admin role create --role test
3. pulp-admin -u admin -p admin role add user --user=test --role=test
4. pulp-admin -u admin -p admin role info --role=test (this should output no permissions)
5. pulp-admin -u admin -p admin permission grant --resource /filters/ --role release -o read
6. pulp-admin -u admin -p admin role info --role=test
7. pulp-admin -u admin -p admin permission revoke --resource /filters/ --role release -o read
6. pulp-admin -u admin -p admin role info --role=test
  
Actual results:

step 6 should not output read permissions, but doesn't, I think the mongo query that retrieves the current role permissions DOESN'T return the proper permissions, but the permissions DO still work

Expected results:

"pulp-admin -u admin -p admin role info --role=test" should output the current working permissions

Additional info:
Comment 1 Jason Connor 2012-04-12 16:38:33 EDT
Following steps 1-6 above, I get the following output on step 6:

$ pulp-admin -u admin -p admin role info --role=test
+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ

One thing to note about the instructions above, step 5, the grant is for a role called "resource" where the create and add are for a role called "test"
Comment 2 Jason Connor 2012-04-13 12:04:27 EDT
Continuing on to step 7 results in:


[root@pulp-v1-server ~]# pulp-admin -u admin -p admin permission grant --resource /filters/ --role test -o read
Operations ['READ'] granted to role [ test ] on resource [ /filters/ ]

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ                     

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin permission revoke --resource /filters/ --role test -o read
Operations ['READ'] revoked from role [ test ] on resource [ /filters/ ]

[root@pulp-v1-server ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ
Comment 3 Jason Connor 2012-04-13 12:06:15 EDT
fix pushed to master in:
ef50effdc11f2ee888c0d1ef7a8ff1c707bcaf17
fix pushed to pulp_v1 in:
8d3be26864a6c2b8e58ed3426e59b09cea094930
Comment 4 Jeff Ortel 2012-04-13 15:05:19 EDT
build: 0.283
Comment 5 Preethi Thomas 2012-04-19 14:29:38 EDT
verified on 1.1

[root@rhel5-pulp ~]# rpm -q pulp
pulp-1.1.3-1
[root@rhel5-pulp ~]# pulp-admin -u admin -p admin user create --user test --password test
Successfully created user [ test ] with name [ None ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role create --role test
Role [ test ] created

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role add user --user=test --role=test
[ test ] added to role [ test ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test
+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin permission grant --resource /filters/ --role test -o read
Operations ['READ'] granted to role [ test ] on resource [ /filters/ ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
  /filters/                	READ                     

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin permission revoke --resource /filters/ --role test -o read
Operations ['READ'] revoked from role [ test ] on resource [ /filters/ ]

[root@rhel5-pulp ~]# pulp-admin -u admin -p admin role info --role=test+------------------------------------------+
          Role Information for test
+------------------------------------------+
Name                	test                     
Users               	test                     
Permissions:
Comment 6 Preethi Thomas 2012-05-25 10:16:22 EDT
Pulp v1.1 Release

Note You need to log in before you can comment on or make changes to this bug.