Bug 852508 - User limited by role will receive ResourceTypeNotFound in Dashboard#index when logging in
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Subscription Asset Manager
Classification: Retired
Component: katello
Version: 1.2
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: rc
Assignee: Jordan OMara
QA Contact: Tazim Kolhar
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-08-28 18:15 UTC by Eric Sammons
Modified: 2016-04-26 00:54 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-21 19:17:30 UTC
Embargoed:


Attachments
Organisations Access (75.47 KB, image/png)
2012-09-18 09:24 UTC, Tazim Kolhar
Organisations Access (55.88 KB, image/png)
2012-10-10 07:06 UTC, Tazim Kolhar
User with read only organisations (72.93 KB, image/png)
2012-10-10 07:11 UTC, Tazim Kolhar


Links
System: Red Hat Product Errata
ID: RHSA-2013:0544
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: Subscription Asset Manager 1.2 update
Last Updated: 2013-02-26 04:08:04 UTC

Description Eric Sammons 2012-08-28 18:15:40 UTC
Description of problem:
Having established a role with limited permissions and assigned it to a user, the assigned user will fail to log in, receiving the error ResourceTypeNotFound in Dashboard#index.

Version-Release number of selected component (if applicable):
Headpin Version: 1.1.7-1.git.80.a08b40a.fc16

Steps to Reproduce:
1. Create user, orgaccess
2. Create role, org:Acme_Corporation, Resource:Organizations, Verb: Read Organizations.
3. Assign role to orgaccess
4. Logout
5. Login as user orgaccess
  
Actual results:
 ResourceTypeNotFound in Dashboard#index

Showing /usr/share/katello/app/views/common/_header.haml where line #12 raised:

Invalid resource type 'system_groups'. Resource Types can be one of 'roles, providers, activation_keys, users, all, environments, organizations'

Extracted source (around line #12):

9: 
10: = content_for(:tabs) do
11:   - if not current_user.nil?
12:     = render_menu(1)
13: 
14: = content_for(:widgets) do
15:   = hidden_field_tag 'get_notices_url', nil, 'data-url' => notices_get_new_path

Trace of template inclusion: app/views/layouts/katello.haml

Rails.root: /usr/share/katello
Application Trace | Framework Trace | Full Trace

app/models/resource_type.rb:87:in `check_type'
app/models/resource_type.rb:74:in `check'
app/models/user.rb:173:in `allowed_all_tags?'
app/models/user.rb:213:in `allowed_all_tags?'
app/models/system_group.rb:299:in `items'
app/models/system_group.rb:88
app/models/system.rb:167:in `any_readable?'
lib/navigation/systems.rb:35:in `menu_systems_org_list'
app/helpers/menu.rb:70:in `call'
app/helpers/menu.rb:70:in `prune_menu'
app/helpers/menu.rb:67:in `delete_if'
app/helpers/menu.rb:67:in `prune_menu'
app/helpers/menu.rb:76:in `prune_menu'
app/helpers/menu.rb:67:in `delete_if'
app/helpers/menu.rb:67:in `prune_menu'
app/helpers/menu.rb:30:in `render_menu'
app/views/common/_header.haml:12:in `_app_views_common__header_haml__701824947_70233089719660_1096030'
app/views/common/_header.haml:10:in `_app_views_common__header_haml__701824947_70233089719660_1096030'
app/views/layouts/katello.haml:45:in `_app_views_layouts_katello_haml__1375091108_70233089441020_245950'
app/controllers/application_controller.rb:309:in `render_error'
app/controllers/application_controller.rb:307:in `render_error'
app/controllers/application_controller.rb:53:in `__bind_1346177243_891923'
app/controllers/application_controller.rb:566:in `call'
app/controllers/application_controller.rb:566:in `execute_rescue'
app/controllers/application_controller.rb:53:in `__bind_1346177243_891923'

Expected results:
Dashboard, and limited access as defined by the role.

Additional info:
This simply appears to be a case where :widgets may have system_groups still defined and system_groups are not applicable to Headpin (SAM).
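
Added illustration, not part of the original report and not Katello's code: a minimal Ruby model of the failure in the trace above, where a menu visibility predicate asks about a resource type that the running mode does not register, next to a pruning routine that fails closed on that one exception. All method names, the menu structure and the simplified `read` verb are assumptions; only the exception name and the list of valid resource types come from the error message.

```ruby
class ResourceTypeNotFound < StandardError; end

# Resource types valid in this mode, copied from the error message in the report.
HEADPIN_TYPES = %w[roles providers activation_keys users all environments organizations].freeze

# Raises on an unknown type, like the check_type frame in the trace.
def check_type(type, known = HEADPIN_TYPES)
  return true if known.include?(type.to_s)
  raise ResourceTypeNotFound, "Invalid resource type '#{type}'"
end

# permissions: { resource_type => [verbs] } granted by the user's role (hypothetical shape).
def allowed?(permissions, type, verb)
  check_type(type)
  permissions.fetch(type.to_s, []).include?(verb.to_s)
end

# Constructed menu: each entry carries the predicate that decides its visibility.
def build_menu(permissions)
  [
    { key: :organizations, if: -> { allowed?(permissions, :organizations, :read) } },
    { key: :system_groups, if: -> { allowed?(permissions, :system_groups, :read) } },
    { key: :users,         if: -> { allowed?(permissions, :users, :read) } }
  ]
end

# Fragile: one raising predicate aborts the whole render, so the user cannot log in.
def prune_menu_fragile(menu)
  menu.select { |item| item[:if].call }
end

# Hardened: an unknown resource type hides the item (deny) and is recorded for logging.
# Only ResourceTypeNotFound is rescued, so other failures still surface.
def prune_menu_hardened(menu, skipped = [])
  menu.select do |item|
    begin
      item[:if].call
    rescue ResourceTypeNotFound => e
      skipped << [item[:key], e.message]
      false
    end
  end
end

# Role from the reproduction steps, simplified: read access to organizations only.
ORGACCESS = { "organizations" => ["read"] }.freeze
```

The cleaner fix is to not build menu entries for resource types the mode does not have; the rescue keeps an unexpected entry from turning a permission lookup into a login outage.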

Comment 1 Tazim Kolhar 2012-09-18 09:24:33 UTC
Created attachment 613921
Organisations Access

Could not reproduce with the packages:
# rpm -qa | grep katello
katello-cli-common-1.1.8-1.git.2.a0908e7.fc16.noarch
katello-all-1.1.12-1.git.26.d683e16.fc16.noarch
katello-cli-headpin-1.1.1-1.git.59.e8fe8d3.fc16.noarch
katello-glue-candlepin-1.1.12-1.git.26.d683e16.fc16.noarch
katello-glue-pulp-1.1.12-1.git.26.d683e16.fc16.noarch
katello-1.1.12-1.git.26.d683e16.fc16.noarch
katello-certs-tools-1.1.8-1.fc16.noarch
katello-selinux-1.1.1-1.fc16.noarch
katello-glue-foreman-1.1.12-1.git.26.d683e16.fc16.noarch
katello-configure-1.1.9-1.fc16.noarch
katello-common-1.1.12-1.git.26.d683e16.fc16.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-repos-1.1.2-1.fc16.noarch


Steps used to reproduce:

1. Create user, orgaccess
2. Create role, org:Acme_Corporation, Resource:Organizations, Verb: Read Organizations.
3. Assign role to orgaccess
4. Logout
5. Login as user orgaccess


Actual Results :
Able to login successfully.
ScreenShot attached.


Appears to be fixed

Comment 2 Jordan OMara 2012-09-18 13:26:50 UTC
https://github.com/Katello/katello/pull/636 - pretty confident this fixed this issue

Comment 3 Tazim Kolhar 2012-10-10 07:06:02 UTC
Created attachment 624613
Organisations Access

VERIFIED with the packages :

# rpm -qa | grep katello
katello-configure-1.1.11-1h.el6_3.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.1.8-1h.el6_3.noarch
katello-glue-candlepin-1.1.14-2h.el6_3.noarch
katello-cli-common-1.1.10-1h.el6_3.noarch
katello-selinux-1.1.2-1h.el6_3.noarch
katello-cli-headpin-0.2.2-1.el6_2.noarch
katello-headpin-1.1.14-2h.el6_3.noarch
katello-common-1.1.14-2h.el6_3.noarch
katello-headpin-all-1.1.14-2h.el6_3.noarch

Comment 4 Tazim Kolhar 2012-10-10 07:11:18 UTC
Created attachment 624615
User with read only organisations

VERIFIED 

# rpm -qa | grep katello
katello-configure-1.1.11-1h.el6_3.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.1.8-1h.el6_3.noarch
katello-glue-candlepin-1.1.14-2h.el6_3.noarch
katello-cli-common-1.1.10-1h.el6_3.noarch
katello-selinux-1.1.2-1h.el6_3.noarch
katello-cli-headpin-0.2.2-1.el6_2.noarch
katello-headpin-1.1.14-2h.el6_3.noarch
katello-common-1.1.14-2h.el6_3.noarch
katello-headpin-all-1.1.14-2h.el6_3.noarch

Comment 6 errata-xmlrpc 2013-02-21 19:17:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0544.html

