Project

General

Profile

Actions
Copy link

Bug #21496

closed

Roles not properly removing permissions

Added by Partha Aji about 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Partha Aji
Category:
DB migrations
Target version:
1.17.0
Difficulty:
Triaged:
Bugzilla link:
1507073
Pull request:
https://github.com/theforeman/foreman/pull/4957
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Look at
https://github.com/theforeman/foreman/blob/5878c99fb02a235df3b27f742c0373f94e483fe4/app/models/role.rb#L327

  def permission_records(permissions)
    collection = Permission.where(:name => permissions.flatten).all
    raise ::Foreman::PermissionMissingException.new(N_('some permissions were not found')) if collection.size != permissions.size
    collection
  end

In a call for the permissions_records method, the permissions were of the format ":view_tasks, :view_bookmarks" (https://github.com/theforeman/foreman/blob/develop/db/seeds.d/020-roles_list.rb#L38, https://github.com/theforeman/foreman/blob/develop/lib/seed_helper.rb#L92.)

This parameter caused the following stack trace

Foreman::PermissionMissingException: ERF73-2603 [Foreman::PermissionMissingException]: some permissions were not found
/usr/share/foreman/app/models/role.rb:288:in `permission_records'
/usr/share/foreman/app/models/role.rb:164:in `find_for_permission_removal'
/usr/share/foreman/app/models/role.rb:205:in `remove_permissions!'
/usr/share/foreman/lib/seed_helper.rb:80:in `block in update_role_permissions'
/usr/share/foreman/app/models/role.rb:228:in `ignore_locking'
/usr/share/foreman/lib/seed_helper.rb:72:in `update_role_permissions'
/usr/share/foreman/lib/seed_helper.rb:53:in `create_role'
/usr/share/foreman/db/seeds.d/03-roles.rb:9:in `block (3 levels) in <top (required)>'
/usr/share/foreman/db/seeds.d/03-roles.rb:8:in `each'
/usr/share/foreman/db/seeds.d/03-roles.rb:8:in `block (2 levels) in <top (required)>'
/opt/theforeman/tfm/root/usr/share/gems/gems/audited-4.4.1/lib/audited/auditor.rb:283:in `without_auditing'
/usr/share/foreman/db/seeds.d/03-roles.rb:4:in `block in <top (required)>'
/opt/theforeman/tfm/root/usr/share/gems/gems/audited-4.4.1/lib/audited/auditor.rb:283:in `without_auditing'
/usr/share/foreman/db/seeds.d/03-roles.rb:3:in `<top (required)>'
/opt/rh/rh-ror42/root/usr/share/gems/gems/activesupport-4.2.6/lib/active_suppo

The reason for PermissionMissingException was that "collection.size != permissions.size" while it should technically be "collection.size != permissions.flatten.size"

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #21342: Role needs to be updated if their permissions changed in new versionClosedMarek HulánActions
Actions
Copy link
 #1

Updated by Partha Aji about 7 years ago

  • Bugzilla link set to 1507073
Actions
Copy link
 #2

Updated by Partha Aji about 7 years ago

  • Target version set to 225
Actions
Copy link
 #3

Updated by The Foreman Bot about 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/4957 added
Actions
Copy link
 #4

Updated by Marek Hulán about 7 years ago

  • Translation missing: en.field_release set to 296
Actions
Copy link
 #5

Updated by Marek Hulán about 7 years ago

  • Related to Bug #21342: Role needs to be updated if their permissions changed in new version added
Actions
Copy link
 #6

Updated by Partha Aji about 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF