Project

General

Profile

Actions

Bug #5909

closed

Editing host fails for non-admin user with fact filter

Added by m w almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

When a non-administrator tries edit anything about a host, this error is displayed. This includes, but is not limited to, adding or removing a class from a host, changing a parameter, or adding a comment. Role filters are attached as a screenshot.

ActiveRecord::ReadOnlyRecord
ActiveRecord::ReadOnlyRecord
app/models/concerns/foreman/sti.rb:29:in `save_with_type'
app/controllers/hosts_controller.rb:117:in `block in update'
app/models/taxonomy.rb:41:in `block in no_taxonomy_scope'
app/models/taxonomy.rb:48:in `block (2 levels) in as_taxonomy'
app/models/concerns/foreman/thread_session.rb:143:in `as_location'
app/models/taxonomy.rb:47:in `block in as_taxonomy'
app/models/concerns/foreman/thread_session.rb:108:in `as_org'
app/models/taxonomy.rb:46:in `as_taxonomy'
app/models/taxonomy.rb:40:in `no_taxonomy_scope'
app/controllers/hosts_controller.rb:109:in `update'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'


Files


Related issues 1 (1 open0 closed)

Blocks Foreman - Tracker #4552: New permissions/authorization system issuesNew

Actions
Actions #1

Updated by m w almost 10 years ago

This is version 1.5.0 installed from rpm

Actions #2

Updated by m w almost 10 years ago

Started PUT "/hosts/abacus0.isis.unc.edu" for 152.19.250.39 at 2014-05-23 08:58:17 -0400
Processing by HostsController#update as */*
Parameters: {"utf8"=>"✓", "authenticity_token"=>"REMOVED", "host"=>{"name"=>"abacus0.isis.unc.edu", "hostgroup_id"=>"", "environment_id"=>"1", "puppet_ca_proxy_id"=>"1", "puppet_proxy_id"=>"1", "puppetclass_ids"=>["", "42", "47", "51", "717", "215", "217", "828", "407", "822"], "managed"=>"f", "progress_report_id"=>"[FILTERED]", "lookup_values_attributes"=>"[FILTERED]", "host_parameters_attributes"=>{"0"=>{"name"=>"sm_customer", "value"=>"[FILTERED]", "nested"=>"", "id"=>"1246"}, "1"=>{"name"=>"sudo__full_sudo_groups", "value"=>"[FILTERED]", "nested"=>"", "id"=>"829"}}, "is_owned_by"=>"2-Users", "enabled"=>"1", "model_id"=>"2", "comment"=>"", "overwrite"=>"false"}, "id"=>"abacus0.isis.unc.edu"}
Operation FAILED: ActiveRecord::ReadOnlyRecord
Rendered common/500.html.erb (4.2ms)
Completed 500 Internal Server Error in 145ms (Views: 5.0ms | ActiveRecord: 40.7ms)

Actions #3

Updated by m w almost 10 years ago

Sorry, please downgrade this from High. This only seems to cause an error when the search is based on a fact:

Host/managed view_hosts, edit_hosts facts.customer = mycustomer

Actions #4

Updated by Joseph Magen over 9 years ago

  • Priority changed from High to Normal
Actions #5

Updated by Adam Winberg about 9 years ago

I' also getting this with 1.7.1 while setting while using a role with a search filter on "Host/managed" based on a fact. If I remove the filter and use 'unlimited' instead or filter on for example hostgroup, it works.

I would think this would've been resolved after 8 months, or can you not reproduce it? In a devop environment its pretty important to be able to filter host permissions based on facts.

Actions #6

Updated by Dominic Cleal about 9 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added
Actions #7

Updated by Dominic Cleal about 9 years ago

  • Category set to Users, Roles and Permissions
Actions #8

Updated by Anthony Lapenna about 9 years ago

Same issue in 1.7.1 when a user try to override a class parameter.

Also got a role with a search filter on "Host/managed" based on a fact.

Actions #9

Updated by Dominic Cleal almost 9 years ago

  • Subject changed from removing class from a host fails for non-admin user to Editing host fails for non-admin user with fact filter
  • Status changed from New to Assigned
  • Assignee set to Dominic Cleal
Actions #10

Updated by The Foreman Bot almost 9 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2286 added
  • Pull request deleted ()
Actions #11

Updated by Marek Hulán almost 9 years ago

  • translation missing: en.field_release set to 35
Actions #12

Updated by Dominic Cleal almost 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #13

Updated by Dominic Cleal almost 9 years ago

  • translation missing: en.field_release changed from 35 to 50
Actions

Also available in: Atom PDF