Bug #18034

Lifecycle environments not displayed correctly with restricted permissions

Added by Brad Buckingham about 2 years ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Category: Lifecycle Environments
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1410919

Description of problem:

When using a user with restricted rights the lifecycle
environments are not correctly displayed in the web ui

Version-Release number of selected component (if applicable):

6.2.2 - 6.2.6

How reproducible:

100%

Steps to Reproduce:
1. The role assigned to the user has the following permission set

    # hammer -u admin -p redhat role filters --id=22
    ----|-------------------------|-----------------------------------------------------------------|------------|---------|--------------------------------------------------------------------------------
    ID | RESOURCE TYPE | SEARCH | UNLIMITED? | ROLE | PERMISSIONS
    ----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------
    167 | Katello::Product | name ~ "Test_*" || name ~ "rhel7*" | no | Limited | view_products, create_products, edit_products, destroy_products, sync_product...
    168 | Katello::System | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no | Limited | view_content_hosts, edit_content_hosts
    169 | Katello::ContentView | name ~ "Test_*" || name ~ "rhel7*" | no | Limited | view_content_views, create_content_views, edit_content_views, destroy_content...
    170 | Host | host_collection ~ "Test_*_Dev" || host_collection ~ "Test_*_QA" | no | Limited | view_hosts, edit_hosts
    171 | Katello::HostCollection | name ~ "Test_*_Dev" || name ~ "Test_*_QA" | no | Limited | view_host_collections, edit_host_collections
    172 | JobInvocation | none | yes | Limited | create_job_invocations, view_job_invocations
    173 | Katello::KTEnvironment | name ~ Dev || name ~ QA | no | Limited | view_lifecycle_environments, edit_lifecycle_environments, promote_or_remove_c...
    174 | Katello::ActivationKey | name ~ ak_test | no | Limited | view_activation_keys, create_activation_keys, edit_activation_keys, destroy_a...
    176 | Organization | none | yes | Limited | view_organizations, assign_organizations, view_subscriptions, attach_subscrip...
    ----|-------------------------|-----------------------------------------------------------------|------------|---------|---------------------------------------------------------------------------------

2. Show all the environments with hammer

    # hammer -u admin -p redhat lifecycle-environment list --organization ACME
    ---|---------|-------
    ID | NAME | PRIOR
    ---|---------|--------
    3 | test2 | Library
    2 | test | Library
    5 | qa2 | test2
    4 | qa1 | test
    7 | QA | Library
    1 | Library |
    6 | Dev | Library
    ---|---------|--------

3. Verify the restriction with hammer

    # hammer -u limited -p redhat lifecycle-environment list --organization ACME
    ---|------|-------
    ID | NAME | PRIOR
    ---|------|--------
    5 | qa2 | test2
    4 | qa1 | test
    7 | QA | Library
    6 | Dev | Library
    ---|------|--------

4. Log in to the web UI as the limited user and navigate to the lifecycle
environments page

Actual results:

The title bars for each of the lifecycle environment tables have been
suppressed but the actual counts of Content Views and Content Hosts are still
visible.

Expected results:

The lifecycle environments that the user is authorized to see are shown
and all others are suppressed.

Associated revisions

Revision eb14a2f8 (diff)
Added by Brad Buckingham about 2 years ago

fixes #18034 - environment paths - only return readable envs

When returning a list of lifecycle environment paths to the user,
only return the readable ones. Without this change, a user that had
view_lifecycle_environments permission for 'dev', could see
all environments (e.g. 'dev', 'test', 'prod').
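
The filtering this commit message describes, as an added example that is not Katello's code: a minimal Ruby model of the environments listed in the report, comparing a path listing that ignores the role filter with one that keeps only readable environments. The `Env` struct, the helper names and the case-insensitive substring reading of `~` are assumptions made for illustration; the substring reading is consistent with the limited user's hammer output, where qa1 and qa2 match `name ~ QA`.

```ruby
# Constructed model of the environments in the report (id, name, prior).
Env = Struct.new(:id, :name, :prior)

ENVS = [
  Env.new(1, 'Library', nil),
  Env.new(2, 'test',  'Library'),
  Env.new(3, 'test2', 'Library'),
  Env.new(4, 'qa1',   'test'),
  Env.new(5, 'qa2',   'test2'),
  Env.new(6, 'Dev',   'Library'),
  Env.new(7, 'QA',    'Library')
].freeze

LIMITED = %w[Dev QA].freeze # terms of filter 173: name ~ Dev || name ~ QA

# Assumption: `~` behaves as a case-insensitive substring match.
def readable?(env, terms)
  terms.any? { |t| env.name.downcase.include?(t.downcase) }
end

# Every promotion path, walked from each leaf back up to Library.
def all_paths(envs)
  by_name = envs.map { |e| [e.name, e] }.to_h
  leaves = envs.reject { |e| envs.any? { |c| c.prior == e.name } }
  leaves.map do |leaf|
    path = []
    node = leaf
    while node
      path.unshift(node)
      node = by_name[node.prior]
    end
    path
  end
end

# Before the fix, as the commit message describes: paths returned unfiltered.
def paths_unfiltered(envs, _terms)
  all_paths(envs).map { |p| p.map(&:name) }
end

# After: unreadable environments are removed from each path, and a path
# with nothing left is dropped entirely.
def paths_readable(envs, terms)
  all_paths(envs)
    .map { |p| p.select { |e| readable?(e, terms) }.map(&:name) }
    .reject(&:empty?)
end
```

With the limited user's filter terms, `paths_readable(ENVS, LIMITED)` yields the same four names as the restricted hammer listing, while `paths_unfiltered` still exposes Library, test and test2.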

History

#1 Updated by Brad Buckingham about 2 years ago

  • Subject changed from Lifecycle environments not displayed correctly with restricted permissions to Lifecycle environments not displayed correctly with restricted permissions
  • Target version set to 157
  • Legacy Backlogs Release (now unused) set to 114

#2 Updated by Brad Buckingham about 2 years ago

Need to test this and see if it exists on master. If it does not, ideally locate a duplicate that can be associated with the referenced bugzilla.

#3 Updated by Brad Buckingham about 2 years ago

  • Status changed from New to Assigned
  • Assignee set to Brad Buckingham

#4 Updated by The Foreman Bot about 2 years ago

  • Status changed from Assigned to Ready For Testing
  • Legacy Backlogs Release (now unused) deleted (114)
  • Pull request https://github.com/Katello/katello/pull/6535 added

#5 Updated by Justin Sherrill about 2 years ago

  • Legacy Backlogs Release (now unused) set to 211

#6 Updated by Brad Buckingham about 2 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
