Bug #20104

fix_db_cache needs to run with admin permissions

Added by Daniel Lobato Garcia about 1 year ago. Updated 9 days ago.

Status:Closed
Priority:Normal
Assignee:Daniel Lobato Garcia
Category:Database
Target version:1.15.2
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link:1473910 Found in Releases:1.15.0
Pull request:https://github.com/theforeman/foreman/pull/4622

Description

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc.. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save will have to find objects that needs permissions to be viewed, hence CacheManager has to be called "as_admin".

Associated revisions

Revision c1ca2c0d
Added by Daniel Lobato Garcia about 1 year ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

Revision f9f40395
Added by Daniel Lobato Garcia about 1 year ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

(cherry picked from commit c1ca2c0d10a411f0074939304030449840ecea7c)

History

#1 Updated by Daniel Lobato Garcia about 1 year ago

  • Legacy Backlogs Release (now unused) set to 266

#2 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4622 added

#3 Updated by Anonymous about 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Marek Hulán 12 months ago

  • Bugzilla link set to 1473910

Also available in: Atom PDF