Bug #30394
closed50/50 chance to create role filter with non-admin user and enough permissions
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1845498
Description of problem:
The error "Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations" is printed sometimes even with enough permissions for execution of the command:
- hammer --config configFile.yml --output json filter create --role roleName --permissions "permissionName"
Version-Release number of selected component (if applicable):
hammer 0.17.1
How reproducible:
hammer will sometimes success and sometimes not. When in loop you may see fails and success with not changed user role.
Steps to Reproduce:
1. Create Satellite user x
2. Create a /root/.hammer/cli_test.yml config file with the following content:
:foreman:
:host: <hostname>
:username: <userName>
:password: <password>
3. Create Role and add permissions below to the user created in the step 1.
(Miscellaneous) escalate_roles
Auth source view_authenticators
Bookmark view_bookmarks, create_bookmarks, edit_bookmarks, destroy_bookmarks
External usergroup view_external_usergroups, create_external_usergroups, edit_external_usergroups, destroy_external_usergroups
Filter view_filters, create_filters, edit_filters, destroy_filters
Organization view_organizations
Role view_roles, create_roles, edit_roles, destroy_roles
Subscription attach_subscriptions, unattach_subscriptions
Usergroup view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups
4. Add Role from 3. to user from 1.
5. Create new role
- hammer --config /root/.hammer/cli_test.yml role create --name test_role --organizations <organization>
6. Create new filter for test_role
- hammer --config /root/.hammer/cli_test.yml filter create --role test_role --permissions "access_dashboard"
Actual results:
Sometimes
"Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations"
Sometimes
"Permission filter for [] created."
Expected results:
"Permission filter for [] created."
Updated by Tomer Brisker over 4 years ago
- Category set to Users, Roles and Permissions
Updated by Ondřej Ezr over 3 years ago
In development this always fails because of taxonomies.
Filter look like taxable, even though they are not taxable, their taxonomy assignment means "Filter applies to taxonomies".
This should be IMHO fixed by disabling taxonomy check on Filter permission checking.
Updated by The Foreman Bot over 3 years ago
- Status changed from New to Ready For Testing
- Assignee set to Ondřej Ezr
- Pull request https://github.com/theforeman/foreman/pull/8422 added
Updated by Ondřej Ezr over 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|2a0ad9140655b1c1604ddb948dca0c3e5968a42c.
Updated by The Foreman Bot over 3 years ago
- Pull request https://github.com/theforeman/foreman/pull/8616 added