Description of problem: Having established a role with limited permissions and assigning to a user, the assigned user will fail to login receiving the error ResourceTypeNotFound in Dashboard#index. Version-Release number of selected component (if applicable): Headpin Version: 1.1.7-1.git.80.a08b40a.fc16 Steps to Reproduce: 1. Create user, orgaccess 2. Create role, org:Acme_Corporation, Resource:Organizations, Verb: Read Organizations. 3. Assign role to orgaccess 4. Logout 5. Login as user orgaccess Actual results: ResourceTypeNotFound in Dashboard#index Showing /usr/share/katello/app/views/common/_header.haml where line #12 raised: Invalid resource type 'system_groups'. Resource Types can be one of 'roles, providers, activation_keys, users, all, environments, organizations' Extracted source (around line #12): 9: 10: = content_for(:tabs) do 11: - if not current_user.nil? 12: = render_menu(1) 13: 14: = content_for(:widgets) do 15: = hidden_field_tag 'get_notices_url', nil, 'data-url' => notices_get_new_path Trace of template inclusion: app/views/layouts/katello.haml Rails.root: /usr/share/katello Application Trace | Framework Trace | Full Trace app/models/resource_type.rb:87:in `check_type' app/models/resource_type.rb:74:in `check' app/models/user.rb:173:in `allowed_all_tags?' app/models/user.rb:213:in `allowed_all_tags?' app/models/system_group.rb:299:in `items' app/models/system_group.rb:88 app/models/system.rb:167:in `any_readable?' lib/navigation/systems.rb:35:in `menu_systems_org_list' app/helpers/menu.rb:70:in `call' app/helpers/menu.rb:70:in `prune_menu' app/helpers/menu.rb:67:in `delete_if' app/helpers/menu.rb:67:in `prune_menu' app/helpers/menu.rb:76:in `prune_menu' app/helpers/menu.rb:67:in `delete_if' app/helpers/menu.rb:67:in `prune_menu' app/helpers/menu.rb:30:in `render_menu' app/views/common/_header.haml:12:in `_app_views_common__header_haml__701824947_70233089719660_1096030' app/views/common/_header.haml:10:in `_app_views_common__header_haml__701824947_70233089719660_1096030' app/views/layouts/katello.haml:45:in `_app_views_layouts_katello_haml__1375091108_70233089441020_245950' app/controllers/application_controller.rb:309:in `render_error' app/controllers/application_controller.rb:307:in `render_error' app/controllers/application_controller.rb:53:in `__bind_1346177243_891923' app/controllers/application_controller.rb:566:in `call' app/controllers/application_controller.rb:566:in `execute_rescue' app/controllers/application_controller.rb:53:in `__bind_1346177243_891923' Expected results: Dashboard, and limited access as defined by the role. Additional info: this simply appears to be a case where :widgets may have system_groups still defined and system_groups are not applicable to Headpin (SAM).
Created attachment 613921 [details] Organisations Access Could not reproduce with the packages : # rpm -qa | grep katello katello-cli-common-1.1.8-1.git.2.a0908e7.fc16.noarch katello-all-1.1.12-1.git.26.d683e16.fc16.noarch katello-cli-headpin-1.1.1-1.git.59.e8fe8d3.fc16.noarch katello-glue-candlepin-1.1.12-1.git.26.d683e16.fc16.noarch katello-glue-pulp-1.1.12-1.git.26.d683e16.fc16.noarch katello-1.1.12-1.git.26.d683e16.fc16.noarch katello-certs-tools-1.1.8-1.fc16.noarch katello-selinux-1.1.1-1.fc16.noarch katello-glue-foreman-1.1.12-1.git.26.d683e16.fc16.noarch katello-configure-1.1.9-1.fc16.noarch katello-common-1.1.12-1.git.26.d683e16.fc16.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-repos-1.1.2-1.fc16.noarch Steps used to reproduce: 1. Create user, orgaccess 2. Create role, org:Acme_Corporation, Resource:Organizations, Verb: Read Organizations. 3. Assign role to orgaccess 4. Logout 5. Login as user orgaccess Actual Results : Able to login successfully. ScreenShot attached. Appears to be fixed
https://github.com/Katello/katello/pull/636 - pretty confident this fixed this issue
Created attachment 624613 [details] Organisations Access VERIFIED with the packages : # rpm -qa | grep katello katello-configure-1.1.11-1h.el6_3.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.1.8-1h.el6_3.noarch katello-glue-candlepin-1.1.14-2h.el6_3.noarch katello-cli-common-1.1.10-1h.el6_3.noarch katello-selinux-1.1.2-1h.el6_3.noarch katello-cli-headpin-0.2.2-1.el6_2.noarch katello-headpin-1.1.14-2h.el6_3.noarch katello-common-1.1.14-2h.el6_3.noarch katello-headpin-all-1.1.14-2h.el6_3.noarch
Created attachment 624615 [details] User with read only organisations VERIFIED # rpm -qa | grep katello katello-configure-1.1.11-1h.el6_3.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.1.8-1h.el6_3.noarch katello-glue-candlepin-1.1.14-2h.el6_3.noarch katello-cli-common-1.1.10-1h.el6_3.noarch katello-selinux-1.1.2-1h.el6_3.noarch katello-cli-headpin-0.2.2-1.el6_2.noarch katello-headpin-1.1.14-2h.el6_3.noarch katello-common-1.1.14-2h.el6_3.noarch katello-headpin-all-1.1.14-2h.el6_3.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0544.html