Project

General

Profile

Bug #22010

Hostgroup creation/edition issue

Added by Thomas BAERT over 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Host groups
Target version:

Description

Hello,

It's not possible to create Hostgroup with puppet classes or add puppet classes to an existing hostgroup for regular users.
How to reproduce :
- Use an user with "Manager" role
- Go to "Create Host group" page
- Type a name, select a puppet environment, add puppet classes or config group
- Submit
The page is reloaded without error or warning.
Logs:

2017-12-18 12:03:01 fb25e001 [app] [I] Started POST "/hostgroups" for 10.110.138.0 at 2017-12-18 12:03:01 +0100
2017-12-18 12:03:01 fb25e001 [app] [I] Processing by HostgroupsController#create as */*
2017-12-18 12:03:01 fb25e001 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"uJ7G9xi+MleS4cizOfAZoMnVEdysXr69s+xsPGo/+9L1f1xjTtjGQtzcLOpZC2R5D6KEYwcX/TGvbqjstmGTEg==", "hostgroup"=>{"name"=>"test", "description"=>"", "environment_id"=>"1", "puppet_proxy_id"=>"", "puppet_ca_proxy_id"=>"", "puppetclass_ids"=>["", "1"], "domain_id"=>"", "realm_id"=>"", "architecture_id"=>"", "root_pass"=>"[FILTERED]", "id"=>""}}
2017-12-18 12:03:01 fb25e001 [app] [I] Current user: test (regular user)
2017-12-18 12:03:01 fb25e001 [app] [D] Setting current user thread-local variable to test
2017-12-18 12:03:01 fb25e001 [app] [D] Unpermitted parameter: id
2017-12-18 12:03:01 fb25e001 [app] [D] Unpermitted parameters: utf8, authenticity_token, locale
2017-12-18 12:03:01 fb25e001 [app] [I] Failed to save:
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered puppetclasses/_selectedClasses.html.erb (2.3ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered puppetclasses/_classes_in_groups.html.erb (0.0ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered puppetclasses/_classes.html.erb (1.7ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered puppetclasses/_class_selection.html.erb (32.6ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered common/os_selection/_architecture.html.erb (0.9ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered common/os_selection/_operatingsystem.html.erb (1.5ms)
2017-12-18 12:03:01 fb25e001 [app] [I]   Rendered common/os_selection/_initial.html.erb (8.9ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered puppetclasses/_class_parameters.html.erb (0.1ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered puppetclasses/_classes_parameters.html.erb (9.3ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered common_parameters/_parameter.html.erb (7.8ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered common_parameters/_parameters.html.erb (16.2ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered hostgroups/_form.html.erb (117.6ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered hostgroups/new.html.erb within layouts/application (118.2ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered layouts/_application_content.html.erb (0.5ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered home/_user_dropdown.html.erb (3.8ms)
2017-12-18 12:03:02 fb25e001 [app] [I] Read fragment views/tabs_and_title_records-5 (0.4ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered home/_topbar.html.erb (13.8ms)
2017-12-18 12:03:02 fb25e001 [app] [I]   Rendered layouts/base.html.erb (16.4ms)
2017-12-18 12:03:02 fb25e001 [app] [I] Completed 200 OK in 237ms (Views: 113.9ms | ActiveRecord: 34.9ms)

No problem for admin user.


Related issues

Related to Foreman - Bug #16884: Create permissions do not check filter limitsClosed2016-10-12
Related to Foreman - Bug #22983: Missing permissions seed entry for HostgroupClassClosed2018-03-22

Associated revisions

Revision d73ddd4f (diff)
Added by Marek Hulán about 1 year ago

Fixes #22983, #22010 - ignore persistence authz for relations

History

#1 Updated by Thomas BAERT about 1 year ago

  • Legacy Backlogs Release (now unused) set to 332

#2 Updated by Eduardo Mayoral about 1 year ago

Same thing here. Same version, same symptoms.

Additionally, I see the following line on the log:

2018-03-02 07:21:42 [app] [I] Failed to save: Hostgroup classes is invalid, Hostgroup classes is invalid

#3 Updated by Thomas BAERT about 1 year ago

This issue is linked to this revision (http://projects.theforeman.org/projects/foreman/repository/revisions/8dcc90bea24b7069e9ec7431835aac909fee30f4)
After rollback of this code, regular user can add puppet classes in hostgroup.

#4 Updated by Thomas BAERT about 1 year ago

The problem is the sql request.
https://github.com/theforeman/foreman/blob/1.16-stable/app/models/concerns/authorizable.rb#L38

SELECT "permissions".* FROM "permissions" WHERE "permissions"."resource_type" = 'HostConfigGroup' AND (permissions.name LIKE 'create_%')
SELECT "permissions".* FROM "permissions" WHERE "permissions"."resource_type" = 'HostgroupClass' AND (permissions.name LIKE 'create_%')
HostConfigGroup and HostgroupClass do not exist in permissions table.

#5 Updated by Michael Moll about 1 year ago

  • Related to Bug #16884: Create permissions do not check filter limits added

#6 Updated by Michael Moll about 1 year ago

  • Legacy Backlogs Release (now unused) deleted (332)

#7 Updated by Marek Hulán about 1 year ago

  • Related to Bug #22983: Missing permissions seed entry for HostgroupClass added

#8 Updated by The Foreman Bot about 1 year ago

  • Assignee set to Marek Hulán
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5470 added

#9 Updated by Marek Hulán about 1 year ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#10 Updated by The Foreman Bot about 1 year ago

  • Pull request https://github.com/theforeman/foreman/pull/5582 added

#11 Updated by The Foreman Bot about 1 year ago

  • Pull request https://github.com/theforeman/foreman/pull/5584 added

#12 Updated by The Foreman Bot about 1 year ago

  • Pull request https://github.com/theforeman/foreman/pull/5585 added

#13 Updated by Marek Hulán 12 months ago

  • Legacy Backlogs Release (now unused) set to 359

Also available in: Atom PDF