Project

General

Profile

Bug #28413

Creating a new product by limited permissions user fails with error "NoMethodError: undefined method `[]' for nil:NilClass"

Added by Partha Aji 6 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Roles and Permissions
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Creating a new product by limited permissions user fails with error "NoMethodError: undefined method `[]' for nil:NilClass"

The user has been assigned to a custom role with the following filter :

Resource Permissions Search

Product and Repositories export_products, N/A
sync_products,
destroy_products,
edit_products,
create_products,
view_products

The product is created even with the error on step "Actions::Katello::Product::ReindexSubscriptions" and the task becomes on paused state and the product can not be deleted until cleaning up the task.

The product is successfully created with no errors when the following filter is added to the role:

Resource Permissions
Subscription view_subscriptions

How reproducible:

100%

Steps to Reproduce:

1.Create a role ROLE1 with the following filters :

Resource Permissions Search

Product and Repositories export_products, N/A
sync_products,
destroy_products,
edit_products,
create_products,
view_products

2. Create a new user and assign ROLE1 to it.

3.Login using the new user and try to create a new product.

Actual results:

The product is created but with the following error and the task becomes on paused state.

An error occurred while saving the Product: 0 Task XXXXX: NoMethodError: undefined method `[]' for nil:NilClass

Expected results:
If a subscription permission is needed , the product creation task can not be started or exit with clear error.

Additional info:

The product is successfully created with no errors when the following filter is added to the role:

Resource Permissions
Subscription view_subscriptions

Associated revisions

Revision 71327211 (diff)
Added by Partha Aji 6 months ago

Fixes #28413 - Create product with permissions (#8458)

This commit relaxes a permission requirement to create custom
products. Prior to this commit the custom product create required a user
do to have create_products, edit_products, and view_subscriptions.
However it is not entirely clear to the user that view_subscriptions is
needed to create a product. Since unlimited subscriptions happens to be
a side effect of Product creation, it makes sense for create/edit
products to be permission enough.

This commit precludes the need for view_subscriptions to create
unlimited subscription on product create.

History

#1 Updated by Partha Aji 6 months ago

  • Bugzilla link set to 1771937

#2 Updated by The Foreman Bot 6 months ago

  • Assignee set to Partha Aji
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/8458 added

#3 Updated by Chris Roberts 6 months ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.15.0
  • Category set to Roles and Permissions

#4 Updated by The Foreman Bot 6 months ago

  • Fixed in Releases Katello 3.15.0 added

#5 Updated by Partha Aji 6 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF