801924 – Model integrity sketchy

Bug 801924 - Model integrity sketchy

Summary: Model integrity sketchy

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Infrastructure
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium vote
Target Milestone:	Unspecified
Assignee:	Lukas Zapletal
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-03-09 20:57 UTC by Partha Aji
Modified:	2019-09-26 13:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-23 15:36:03 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Partha Aji 2012-03-09 20:57:52 UTC

Description of problem:
Many of the models that are part of Katello/SystemEngine do not do integrity checks.
For example

Take ActivationKey
# => ActivationKey(id: integer, name: string, description: string, organization_id: integer, environment_id: integer, system_template_id: integer, created_at: datetime, updated_at: datetime, user_id: integer)

Now there is nothing to check for the fact that the environment_id/system_template_id belong to the same organization as organization_id when we save the model. In the UI we only show the valid values to be selected but  there is nothing preventing the user from sending wrong environment ids. 

This kind of audit probably needs to happen with many other models.

Note You need to log in before you can comment on or make changes to this bug.