Feature #17586: Remove duplicated permissions via migration - Discovery - Foreman

Actions

Copy link

Feature #17586

open

Remove duplicated permissions via migration

Added by Lukas Zapletal about 8 years ago. Updated about 8 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

For some time, our permission framework allowed creating duplicated permissions. This is no longer possible, but Foreman database may contain duplicated entries created by users. Also few duplicated entries were created via migrations (e.g. in discovery, haven't tested other plugins). This is a proposal to create Role#remove_duplicated_permissions method and call it during seeding stage to remove these.

Role.all.map{|r| [r.name, r.permissions.map{|x| [x.name, x.resource_type]}.group_by {|e| e}.select { |k,v| v.size > 1}.keys]}
=> [["Tasks Manager", []],
 ["Tasks Reader", []],
 ["Boot disk access", []],
 ["Discovery Reader",
  [["view_hosts", "Host"],
   ["view_architectures", "Architecture"],
   ["view_domains", "Domain"],
   ["view_environments", "Environment"],
   ["view_hostgroups", "Hostgroup"],
   ["view_media", "Medium"],
   ["view_models", "Model"],
   ["view_operatingsystems", "Operatingsystem"],
   ["view_provisioning_templates", "ProvisioningTemplate"],
   ["view_ptables", "Ptable"],
   ["view_puppetclasses", "Puppetclass"],
   ["view_realms", "Realm"],
   ["view_smart_proxies", "SmartProxy"],
   ["view_subnets", "Subnet"]]],
 ["Discovery Manager",
  [["create_hosts", "Host"],
   ["view_hosts", "Host"],
   ["view_architectures", "Architecture"],
   ["view_domains", "Domain"],
   ["view_environments", "Environment"],
   ["view_hostgroups", "Hostgroup"],
   ["view_media", "Medium"],
   ["view_models", "Model"],
   ["view_operatingsystems", "Operatingsystem"],
   ["view_provisioning_templates", "ProvisioningTemplate"],
   ["view_ptables", "Ptable"],
   ["view_puppetclasses", "Puppetclass"],
   ["view_realms", "Realm"],
   ["view_smart_proxies", "SmartProxy"],
   ["view_subnets", "Subnet"]]],
 ["Manager", []],
 ["Edit partition tables", []],
 ["View hosts", []],
 ["Edit hosts", []],
 ["Viewer", []],
 ["Site manager", []],
 ["Default role", []]]

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Updated by Dominic Cleal about 8 years ago

Isn't this the same as #13529 in 1.13.0?

If it's no longer possible (that fix adds a unique index), how does this occur?

Actions

Copy link

Updated by Lukas Zapletal about 8 years ago

When I try add_permissions today (on develop), the permission is not added if present. But this used to be different in around 1.10. If you sent it an array of different permissions, it added it twice.

I was thinking about a rake task, that might be useful.

Actions

Copy link

Updated by Dominic Cleal about 8 years ago

The database is migrated then it will include #13529 and duplicate permissions will not be possible due to a unique index. I'm unsure how you would use a rake task to fix a problem that the index doesn't permit. If you are upgrading, use db:migrate.

1.10 is no longer maintained, it cannot be added to that release.

Actions

Copy link

Updated by Lukas Zapletal about 8 years ago

Project changed from Foreman to Discovery
Subject changed from Remove duplicated permissions during seed to Remove duplicated permissions via migration
Category deleted (~~Users, Roles and Permissions~~)

Ok, changing project, I will simply do a migration in discovery for this one.

Which unique index have you on your mind, because I am just sitting on develop and I do see duplicate permissions right now:

Role.find_by_name("Discovery Manager").permissions.pluck(:name, :resource_type).sort
=> [["assign_locations", "Location"],
 ["assign_organizations", "Organization"],
 ["auto_provision_discovered_hosts", "Host"],
 ["build_hosts", "Host"],
 ["create_discovery_rules", "DiscoveryRule"],
 ["create_hosts", "Host"],
 ["create_hosts", "Host"],
 ["destroy_discovered_hosts", "Host"],
 ["destroy_discovery_rules", "DiscoveryRule"],
 ["edit_discovered_hosts", "Host"],
 ["edit_discovery_rules", "DiscoveryRule"],
 ["execute_discovery_rules", "DiscoveryRule"],
 ["provision_discovered_hosts", "Host"],
 ["submit_discovered_hosts", "Host"],
 ["view_architectures", "Architecture"],
 ["view_architectures", "Architecture"],
 ["view_discovered_hosts", "Host"],
 ["view_discovery_rules", "DiscoveryRule"],
 ["view_domains", "Domain"],
 ["view_domains", "Domain"],
 ["view_environments", "Environment"],
 ["view_environments", "Environment"],
 ["view_hostgroups", "Hostgroup"],
 ["view_hostgroups", "Hostgroup"],
 ["view_hosts", "Host"],
 ["view_hosts", "Host"],
 ["view_locations", "Location"],
 ["view_media", "Medium"],
 ["view_media", "Medium"],
 ["view_models", "Model"],
 ["view_models", "Model"],
 ["view_operatingsystems", "Operatingsystem"],
 ["view_operatingsystems", "Operatingsystem"],
 ["view_organizations", "Organization"],
 ["view_provisioning_templates", "ProvisioningTemplate"],
 ["view_provisioning_templates", "ProvisioningTemplate"],
 ["view_ptables", "Ptable"],
 ["view_ptables", "Ptable"],
 ["view_puppetclasses", "Puppetclass"],
 ["view_puppetclasses", "Puppetclass"],
 ["view_realms", "Realm"],
 ["view_realms", "Realm"],
 ["view_smart_proxies", "SmartProxy"],
 ["view_smart_proxies", "SmartProxy"],
 ["view_subnets", "Subnet"],
 ["view_subnets", "Subnet"]]

Actions

Copy link