Bug #20165

API - non-admin user can't create entities within org and loc he belongs to

Added by Marek Hulán 7 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assigned To: Marek Hulán
Category: Organizations and Locations
Target version: -
Difficulty:
Bugzilla link: 1464137
Found in release:
Pull request: https://github.com/theforeman/foreman/pull/4632
Story points: -
Velocity based estimate: -
Release: 1.16.0
Release relationship: Auto

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1464137

Description of problem:
A newly created non-admin user with create permissions can't create an entity within the organization and location he belongs to (in the example below it is Subnet and 'create_subnets'). Other entities are affected as well (tested with Subnet, Host and Domain).

Making HTTP POST request to https://sat6.com/api/v2/users with options... and data {"user": {..., "location_ids": [491], "organization_ids": [490]}}.

Received HTTP 201 response: {"default_location":null,"locations":[{"id":491,"name":"OgyTrUojzLM","title":"OgyTrUojzLM","description":null}],"default_organization":null,"organizations":[{"id":490,"name":"hfspaJbBY","title":"hfspaJbBY","description":null}],...}

Making HTTP POST request to https://sat6.com/api/v2/subnets with options ... and data {"subnet": {..., "location_ids": [491], "organization_ids": [490]}}.

Received HTTP 422 response: {
"error": {"id":null,"errors":{"organization_ids":["Invalid organizations selection, you must select at least one of yours"],"location_ids":["Invalid locations selection, you must select at least one of yours"]},"full_messages":["Organization ids Invalid organizations selection, you must select at least one of yours","Location ids Invalid locations selection, you must select at least one of yours"]}

Version-Release number of selected component (if applicable):
Satellite 6.3 Snap 3.0:
  • satellite-6.3.0-15.0.beta.el7sat.noarch
  • foreman-1.15.0-1.el7sat.noarch
  • katello-3.4.1-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Create non-admin user with org and loc and grant create permissions (e.g. create_domains)
2. Try to create entity (e.g. Domain)
3. Check whether it was created or error is raised

Actual results:
422 error

Expected results:
Entity should be created

Additional info:

It's caused by the fact the user was not granted "assign_location" and "assign_organization". This is "expected behavior" but the error message should be updated to better explain what's going on.

Associated revisions

Revision 523d8010
Added by Marek Hulán 7 months ago

Fixes #20165 - improve org/loc error messages

History

#1 Updated by The Foreman Bot 7 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Marek Hulán
  • Pull request https://github.com/theforeman/foreman/pull/4632 added

#2 Updated by Anonymous 7 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Marek Hulán 7 months ago

  • Subject changed from API - non-admin user can't create entities within org and loc he belongs to to API - non-admin user can't create entities within org and loc he belongs to
  • Release set to 1.16.0
