Project

General

Profile

Actions
Copy link

Bug #30394

closed

50/50 chance to create role filter with non-admin user and enough permissions

Added by Shira Maximov over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Ezr
Category:
Users, Roles and Permissions
Target version:
2.5.1
Difficulty:
Triaged:
No
Bugzilla link:
1845498
Pull request:
https://github.com/theforeman/foreman/pull/8422, https://github.com/theforeman/foreman/pull/8616
Fixed in Releases:
2.5.1, 3.0.0
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1845498

Description of problem:
The error "Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations" is printed sometimes even with enough permissions for execution of the command:

  1. hammer --config configFile.yml --output json filter create --role roleName --permissions "permissionName"

Version-Release number of selected component (if applicable):
hammer 0.17.1

How reproducible:
hammer will sometimes success and sometimes not. When in loop you may see fails and success with not changed user role.

Steps to Reproduce:
1. Create Satellite user x
2. Create a /root/.hammer/cli_test.yml config file with the following content:

:foreman:
:host: <hostname>
:username: <userName>
:password: <password>

3. Create Role and add permissions below to the user created in the step 1.
(Miscellaneous) escalate_roles
Auth source view_authenticators
Bookmark view_bookmarks, create_bookmarks, edit_bookmarks, destroy_bookmarks
External usergroup view_external_usergroups, create_external_usergroups, edit_external_usergroups, destroy_external_usergroups
Filter view_filters, create_filters, edit_filters, destroy_filters
Organization view_organizations
Role view_roles, create_roles, edit_roles, destroy_roles
Subscription attach_subscriptions, unattach_subscriptions
Usergroup view_usergroups, create_usergroups, edit_usergroups, destroy_usergroups

4. Add Role from 3. to user from 1.
5. Create new role

  1. hammer --config /root/.hammer/cli_test.yml role create --name test_role --organizations <organization>

6. Create new filter for test_role

  1. hammer --config /root/.hammer/cli_test.yml filter create --role test_role --permissions "access_dashboard"

Actual results:
Sometimes
"Could not create the permission filter:
You don't have permission create_filters with attributes that you have specified or you don't have access to specified organizations or locations"

Sometimes
"Permission filter for [] created."

Expected results:
"Permission filter for [] created."

Actions
Copy link

Also available in: Atom PDF