Project

General

Profile

Actions

Bug #30394

closed

50/50 chance to create role filter with non-admin user and enough permissions

Added by Shira Maximov almost 4 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1845498

Description of problem:
The error "Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations" is printed sometimes even with enough permissions for execution of the command:

  1. hammer --config configFile.yml --output json filter create --role roleName --permissions "permissionName"

Version-Release number of selected component (if applicable):
hammer 0.17.1

How reproducible:
hammer will sometimes success and sometimes not. When in loop you may see fails and success with not changed user role.

Steps to Reproduce:
1. Create Satellite user x
2. Create a /root/.hammer/cli_test.yml config file with the following content:

:foreman:
:host: <hostname>
:username: <userName>
:password: <password>

3. Create Role and add permissions below to the user created in the step 1.
(Miscellaneous) escalate_roles
Auth source view_authenticators
Bookmark view_bookmarks, create_bookmarks, edit_bookmarks, destroy_bookmarks
External usergroup view_external_usergroups, create_external_usergroups, edit_external_usergroups, destroy_external_usergroups
Filter view_filters, create_filters, edit_filters, destroy_filters
Organization view_organizations
Role view_roles, create_roles, edit_roles, destroy_roles
Subscription attach_subscriptions, unattach_subscriptions
Usergroup view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups

4. Add Role from 3. to user from 1.
5. Create new role

  1. hammer --config /root/.hammer/cli_test.yml role create --name test_role --organizations <organization>

6. Create new filter for test_role

  1. hammer --config /root/.hammer/cli_test.yml filter create --role test_role --permissions "access_dashboard"

Actual results:
Sometimes
"Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations"

Sometimes
"Permission filter for [] created."

Expected results:
"Permission filter for [] created."

Actions #1

Updated by Tomer Brisker almost 4 years ago

  • Category set to Users, Roles and Permissions
Actions #2

Updated by Ondřej Ezr about 3 years ago

In development this always fails because of taxonomies.
Filter look like taxable, even though they are not taxable, their taxonomy assignment means "Filter applies to taxonomies".

This should be IMHO fixed by disabling taxonomy check on Filter permission checking.

Actions #3

Updated by The Foreman Bot about 3 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ondřej Ezr
  • Pull request https://github.com/theforeman/foreman/pull/8422 added
Actions #4

Updated by The Foreman Bot about 3 years ago

  • Fixed in Releases 3.0.0 added
Actions #5

Updated by The Foreman Bot about 3 years ago

  • Fixed in Releases deleted (3.0.0)
Actions #6

Updated by Ondřej Ezr about 3 years ago

  • Status changed from Ready For Testing to Closed
Actions #7

Updated by Tomer Brisker about 3 years ago

  • Fixed in Releases 3.0.0 added
Actions #8

Updated by The Foreman Bot almost 3 years ago

  • Pull request https://github.com/theforeman/foreman/pull/8616 added
Actions #9

Updated by Tomer Brisker almost 3 years ago

  • Target version set to 2.5.1
Actions #10

Updated by Tomer Brisker almost 3 years ago

  • Fixed in Releases 2.5.1 added
Actions

Also available in: Atom PDF