Project

General

Profile

Bug #20104

fix_db_cache needs to run with admin permissions

Added by Daniel Lobato Garcia over 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Database
Target version:
1.15.2
Difficulty:
Triaged:
Bugzilla link:
1473910
Pull request:
https://github.com/theforeman/foreman/pull/4622
Fixed in Releases:
Found in Releases:
1.15.0
Red Hat JIRA:

Description

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager tries to find roles, user groups, etc.. without any permissions. This will cause it to fail with an error similar to https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save will have to find objects that needs permissions to be viewed, hence CacheManager has to be called "as_admin".

Associated revisions

Revision c1ca2c0d (diff)
Added by Daniel Lobato Garcia over 5 years ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

Revision f9f40395 (diff)
Added by Daniel Lobato Garcia over 5 years ago

Fixes #20104 - fix_db_cache needs to run as admin

The rake task 'fix_db_cache' triggers CacheManager, and CacheManager
tries to find roles, user groups, etc.. without any permissions. This
will cause it to fail with an error similar to
https://gist.github.com/52da11cb368ec530bcf0247d3ee38855 .

Many of the actions called by CacheManager, like UsergroupMember.save
will have to find objects that needs permissions to be viewed, hence
CacheManager has to be called "as_admin".

Similarly an user may destroy or save a new UsergroupMember. The cache
needs to be updated with information about all user groups in the
system, not only the ones visible to the user making the change.

(cherry picked from commit c1ca2c0d10a411f0074939304030449840ecea7c)

History

#1 Updated by Daniel Lobato Garcia over 5 years ago

  • Legacy Backlogs Release (now unused) set to 266

#2 Updated by The Foreman Bot over 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman/pull/4622 added

#3 Updated by Anonymous over 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Marek Hulán over 5 years ago

  • Bugzilla link set to 1473910

Also available in: Atom PDF