Project

General

Profile

Actions
Copy link

Bug #31836

closed

Unclear / incomplete error message while trying to promote a content view with a user that has insufficient permissions

Added by Ian Ballou almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Ian Ballou
Category:
Content Views
Target version:
Katello 3.17.3
Difficulty:
Triaged:
Yes
Bugzilla link:
1722799
Pull request:
https://github.com/Katello/katello/pull/9153
Fixed in Releases:
Katello 4.1.0
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1722799

Description of problem:
A user called "updater" with assigned Role called "updater" has the following permissions:
Lifecycle Environments => edit_lifecycle_environments
"content views" => view_content_views, edit_content_views, promote_or_remove_content_views

Using this user to promote a content-view results in the following error:
Could not promote the content view:
Access denied
Missing one of the required permissions: promote_or_remove_content_views

As you can see the error message states "Missing one of the..." which is plural, but only lists ONE missing permission.
In addition, this permission is already given to the user in question. What's really missing is the following permission:
Lifecycle Environments => promote_or_remove_content_views_to_environment

But the error message does not state this. I think extending
the error message to list all required permissions may be the better approach.

Version-Release number of selected component (if applicable):
Katello 3.7 & Katello 3.10 were tested.

How reproducible:

Steps to Reproduce:
- create user "updater"
- grant viewer role
- create new role "updater"
- apply filters to role "updater":
-- "Lifecycle Environments" => edit_lifecycle_environments
-- "content views" => view_content_views, edit_content_views, promote_or_remove_content_views

Try to promote a content view with that user to get the error:

[root@foreman ~]# hammer -u updater content-view version promote --content-view-id <ID> --to-lifecycle-environment-id <ID> --id <ID> --organization-id <ID>
[Foreman] Password for updater:
Could not promote the content view:
Access denied
Missing one of the required permissions: promote_or_remove_content_views

Actual results:
Could not promote the content view:
Access denied
Missing one of the required permissions: promote_or_remove_content_views

Expected results:
Could not promote the content view:
Access denied
Missing one of the required permissions: promote_or_remove_content_views, view_content_views, edit_content_views, promote_or_remove_content_views_to_environment

Additional info:

Actions
Copy link

Also available in: Atom PDF