Bug #20104

fix_db_cache needs to run with admin permissions

Added by Daniel Lobato Garcia 4 months ago. Updated 3 months ago.

Status:Closed
Priority:Normal
Assigned To:Daniel Lobato Garcia
Category:Database
Target version:-
Difficulty: Bugzilla link:1473910
Found in release:1.15.0 Pull request:https://github.com/theforeman/foreman/pull/4622
Story points-
Velocity based estimate-
Release1.15.2Release relationshipAuto

Description

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc.. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save will have to find objects that needs permissions to be viewed, hence CacheManager has to be called "as_admin".

Associated revisions

Revision c1ca2c0d
Added by Daniel Lobato Garcia 4 months ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

Revision f9f40395
Added by Daniel Lobato Garcia 4 months ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

(cherry picked from commit c1ca2c0d10a411f0074939304030449840ecea7c)

History

#1 Updated by Daniel Lobato Garcia 4 months ago

  • Release set to 1.15.2

#2 Updated by The Foreman Bot 4 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4622 added

#3 Updated by Anonymous 4 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Marek Hulán 3 months ago

  • Bugzilla link set to 1473910

Also available in: Atom PDF