Project

General

Profile

Bug #21496

Roles not properly removing permissions

Added by Partha Aji about 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Partha Aji
Category:
DB migrations
Target version:
1.17.0
Difficulty:
Triaged:
Bugzilla link:
1507073
Pull request:
https://github.com/theforeman/foreman/pull/4957
Fixed in Releases:
Found in Releases:

Description

Look at
https://github.com/theforeman/foreman/blob/5878c99fb02a235df3b27f742c0373f94e483fe4/app/models/role.rb#L327

  def permission_records(permissions)
    collection = Permission.where(:name => permissions.flatten).all
    raise ::Foreman::PermissionMissingException.new(N_('some permissions were not found')) if collection.size != permissions.size
    collection
  end

In a call for the permissions_records method, the permissions were of the format ":view_tasks, :view_bookmarks" (https://github.com/theforeman/foreman/blob/develop/db/seeds.d/020-roles_list.rb#L38, https://github.com/theforeman/foreman/blob/develop/lib/seed_helper.rb#L92.)

This parameter caused the following stack trace

Foreman::PermissionMissingException: ERF73-2603 [Foreman::PermissionMissingException]: some permissions were not found
/usr/share/foreman/app/models/role.rb:288:in `permission_records'
/usr/share/foreman/app/models/role.rb:164:in `find_for_permission_removal'
/usr/share/foreman/app/models/role.rb:205:in `remove_permissions!'
/usr/share/foreman/lib/seed_helper.rb:80:in `block in update_role_permissions'
/usr/share/foreman/app/models/role.rb:228:in `ignore_locking'
/usr/share/foreman/lib/seed_helper.rb:72:in `update_role_permissions'
/usr/share/foreman/lib/seed_helper.rb:53:in `create_role'
/usr/share/foreman/db/seeds.d/03-roles.rb:9:in `block (3 levels) in <top (required)>'
/usr/share/foreman/db/seeds.d/03-roles.rb:8:in `each'
/usr/share/foreman/db/seeds.d/03-roles.rb:8:in `block (2 levels) in <top (required)>'
/opt/theforeman/tfm/root/usr/share/gems/gems/audited-4.4.1/lib/audited/auditor.rb:283:in `without_auditing'
/usr/share/foreman/db/seeds.d/03-roles.rb:4:in `block in <top (required)>'
/opt/theforeman/tfm/root/usr/share/gems/gems/audited-4.4.1/lib/audited/auditor.rb:283:in `without_auditing'
/usr/share/foreman/db/seeds.d/03-roles.rb:3:in `<top (required)>'
/opt/rh/rh-ror42/root/usr/share/gems/gems/activesupport-4.2.6/lib/active_suppo

The reason for PermissionMissingException was that "collection.size != permissions.size" while it should technically be "collection.size != permissions.flatten.size"

Related issues

Related to Foreman - Bug #21342: Role needs to be updated if their permissions changed in new versionClosed

Associated revisions

Revision 6a1f0e1a (diff)
Added by Partha Aji about 3 years ago

Fixes #21496 - Properly fetches permission records

The permission records method used to wrongly error out when the
permissions were nested inside an array. Even though the permission list
was returned properly the comparison to raise the PermissionMissing
exception used the wrong logic.

History

#1 Updated by Partha Aji about 3 years ago

  • Bugzilla link set to 1507073

#2 Updated by Partha Aji about 3 years ago

  • Target version set to 225

#3 Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4957 added

#4 Updated by Marek Hulán about 3 years ago

  • Legacy Backlogs Release (now unused) set to 296

#5 Updated by Marek Hulán about 3 years ago

  • Related to Bug #21342: Role needs to be updated if their permissions changed in new version added

#6 Updated by Partha Aji about 3 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF