Actions
Bug #24056
closedPermissions fail when connected to Facets
Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Description
Consider the following steps
- create a role with the following filters -> [ :view_facts, (:view_hosts, :search => "content_view_id = 1")] note I used content_view_id as the search filter for the host. You could use any facet attribute for this.
- create a user associated to this role
- execute api call
curl -s -u 'apiuser:redhat' -k https://<url>/api/v2/hosts/3/facts
Expected:
Assuming Host with id 3 is associated to cv 1, we should get the facts
Actual: $ curl -s -u 'apiuser:redhat' -k https://<url>/api/v2/hosts/3/facts { "error": {"message":"Can't join 'Host::Base' to association named 'content_facet'; perhaps you misspelled it?"} }
Problem here is with this call -> https://github.com/theforeman/foreman/blob/develop/app/services/authorizer.rb#L62
Basically the code does the equivalent of
> FactValue.joins(:host => :content_facet).to_sql ActiveRecord::ConfigurationError: Can't join 'Host::Base' to association named 'content_facet'; perhaps you misspelled it?
Any facet attribute associated to the host is going to hit this issue.
Actions