Managing repositories with their id via hammer does not respect the role filters
|Assigned To:||Brad Buckingham|
|Target version:||Team Brad - Iteration 16|
|Velocity based estimate||-|
|Release||Katello 3.4.3||Release relationship||Auto|
Description of problem:
After settings a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Steps to Reproduce:
1. Have repositories from more than 1 Product, by example:
Red Hat Enterprise Linux Server
Red Hat Satellite
Optional -> You can also have 2 Organization and only allow 1 of them through the filter:
2. Create a new role "Custom_bug_role"
3. Create the following 2 filters for that role
Resource type: Organization
Search filter: name = "MyOrg"
Resource type: Product and Repositories
Permission: view_products, edit_products, sync_products
Search filter: name = "Red Hat Enterprise Linux Server"
4. Create a test user and assign the custom role
5. With hammer, list the repository using the test user credentials
A. Listing the repositories works as expected, only "Red Hat Enterprise Linux Server" repositories will be displayed: # hammer -u Test_bug_user -p testbug repository list --organization MyOrg
33 | Red Hat Enterprise Linux 7 Server Kickstart x86_64 7.1 | Red Hat Enterprise Linux Server | yum
27 | Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64 | Red Hat Enterprise Linux Server | yum
B. Showing repository information using it's ID allows the user to see any repository (from any Product or any Organisation), this is not expected: # hammer -u Test_bug_user -p testbug repository info --id 62
Red Hat Repository: no
Content Type: yum
C. Uploading a package to a any repository is also possible using its ID (from any Product or any Organisation), this is not expected: # hammer -u Test_bug_user -p testbug repository upload-content --id 62 --path test.rpm
Successfully uploaded file 'test.rpm'.
It seems like when we specify --product --name --organization, the permission are applied correctly. However, it looks like using their id bypass this.
When using repository id, we can show info from any repository and upload new package to them.
Have the role filters applied on the resource whether we are using the name or the id
#1 Updated by Brad Buckingham 4 months ago
- Subject changed from Managing repositories with their id via hammer does not respect the role filters to Managing repositories with their id via hammer does not respect the role filters
- Priority changed from Urgent to High
- Target version set to Team Brad - Iteration 11
- Release set to Katello 3.4.0