Bug #30394: 50/50 chance to create role filter with non-admin user and enough permissions - Foreman

Actions

Copy link

Bug #30394

closed

50/50 chance to create role filter with non-admin user and enough permissions

Added by Shira Maximov over 4 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ondřej Ezr

Category:

Users, Roles and Permissions

Target version:

2.5.1

Difficulty:

Triaged:

Bugzilla link:

1845498

Pull request:

https://github.com/theforeman/foreman/pull/8422, https://github.com/theforeman/foreman/pull/8616

Fixed in Releases:

2.5.1, 3.0.0

Found in Releases:

Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1845498

Description of problem:
The error "Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations" is printed sometimes even with enough permissions for execution of the command:

hammer --config configFile.yml --output json filter create --role roleName --permissions "permissionName"

Version-Release number of selected component (if applicable):
hammer 0.17.1

How reproducible:
hammer will sometimes success and sometimes not. When in loop you may see fails and success with not changed user role.

Steps to Reproduce:
1. Create Satellite user x
2. Create a /root/.hammer/cli_test.yml config file with the following content:

:foreman:
:host: <hostname>
:username: <userName>
:password: <password>

3. Create Role and add permissions below to the user created in the step 1.
(Miscellaneous) escalate_roles
Auth source view_authenticators
Bookmark view_bookmarks, create_bookmarks, edit_bookmarks, destroy_bookmarks
External usergroup view_external_usergroups, create_external_usergroups, edit_external_usergroups, destroy_external_usergroups
Filter view_filters, create_filters, edit_filters, destroy_filters
Organization view_organizations
Role view_roles, create_roles, edit_roles, destroy_roles
Subscription attach_subscriptions, unattach_subscriptions
Usergroup view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups

4. Add Role from 3. to user from 1.
5. Create new role

hammer --config /root/.hammer/cli_test.yml role create --name test_role --organizations <organization>

6. Create new filter for test_role

hammer --config /root/.hammer/cli_test.yml filter create --role test_role --permissions "access_dashboard"

Actual results:
Sometimes
"Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations"

Sometimes
"Permission filter for [] created."

Expected results:
"Permission filter for [] created."

Actions

Copy link

Also available in: Atom PDF

Project

General

Custom queries

Profile

Bug #30394

50/50 chance to create role filter with non-admin user and enough permissions

Updated by Tomer Brisker over 4 years ago

Updated by Ondřej Ezr about 4 years ago

Updated by The Foreman Bot about 4 years ago

Updated by The Foreman Bot almost 4 years ago

Updated by The Foreman Bot almost 4 years ago

Updated by Ondřej Ezr almost 4 years ago

Updated by Tomer Brisker almost 4 years ago

Updated by The Foreman Bot almost 4 years ago

Updated by Tomer Brisker almost 4 years ago

Updated by Tomer Brisker almost 4 years ago