Bug 801924 - Model integrity sketchy
Summary: Model integrity sketchy
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Infrastructure
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-09 20:57 UTC by Partha Aji
Modified: 2019-09-26 13:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-23 15:36:03 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Partha Aji 2012-03-09 20:57:52 UTC
Description of problem:
Many of the models that are part of Katello/SystemEngine do not do integrity checks.
For example

Take ActivationKey
# => ActivationKey(id: integer, name: string, description: string, organization_id: integer, environment_id: integer, system_template_id: integer, created_at: datetime, updated_at: datetime, user_id: integer)

Now there is nothing to check for the fact that the environment_id/system_template_id belong to the same organization as organization_id when we save the model. In the UI we only show the valid values to be selected but  there is nothing preventing the user from sending wrong environment ids. 

This kind of audit probably needs to happen with many other models.


Note You need to log in before you can comment on or make changes to this bug.