Bug #5541

Filter of resource type Organization can result in error condition when trying to access organization resources

Added by Eric Helms about 5 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Category: Authorization

Description

1. Create new role
2. Create new user
3. Assign user to new role
4. Add filter to role of resource type 'Organization', select 'edit_organization' verb
5. Click organizations tab and select 'ACME_Corporation'
6. As the new user, with only the new role, do a PUT to /api/v2/organizations/1

Error Output:

{
  "error": {
    "message": "Field 'organization_id' not recognized for searching!",
    "class": "ScopedSearch::QueryNotSupported"
  }
}


Related issues

Related to Foreman - Bug #5664: Users permissions on hosts are not working properly with organizations (Closed, 2014-05-11)
Related to Foreman - Bug #7615: Unable to create a non-taxonomy role filter when current context set (Closed, 2014-09-23)
Is duplicate of Foreman - Bug #5397: Architectures filter blows up if an organization is selected (Duplicate, 2014-04-22)
Blocks Foreman - Tracker #4552: New permissions/authorization system issues (New)

Associated revisions

Revision 0b1527e4 (diff)
Added by Marek Hulán over 4 years ago

Fixes #5541 - disallow taxonomy assignment

If a filter resource does not support taxonomy assignment, we don't
allow them to be assigned to the filter.

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category set to Authorization

#2 Updated by Dominic Cleal about 5 years ago

  • Related to Bug #5397: Architectures filter blows up if an organization is selected added

#3 Updated by Dominic Cleal about 5 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added

#4 Updated by Dominic Cleal about 5 years ago

  • Legacy Backlogs Release (now unused) set to 16

#5 Updated by Dominic Cleal about 5 years ago

  • Target version set to 1.8.2

#6 Updated by Marek Hulán almost 5 years ago

  • Status changed from New to Need more information

Could you please retest with develop branch? I think this was fixed in #5664 since you can't set taxonomy filters for resources that do not support it. See https://github.com/theforeman/foreman/commit/82b4749eeddabc542ebf1eaec6fdf2d76d2fdd75 for more details.

#7 Updated by Marek Hulán almost 5 years ago

  • Related to deleted (Bug #5397: Architectures filter blows up if an organization is selected)

#8 Updated by Marek Hulán almost 5 years ago

  • Is duplicate of Bug #5397: Architectures filter blows up if an organization is selected added

#9 Updated by Dominic Cleal almost 5 years ago

  • Status changed from Need more information to Duplicate

#10 Updated by Dominic Cleal almost 5 years ago

  • Status changed from Duplicate to Feedback
  • Target version deleted (1.8.2)
  • Legacy Backlogs Release (now unused) deleted (16)

#11 Updated by Dominic Cleal almost 5 years ago

  • Related to Bug #5664: Users permissions on hosts are not working properly with organizations added

#12 Updated by Bryan Kearney almost 5 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1098709

#13 Updated by Eric Helms almost 5 years ago

  • Status changed from Feedback to New

While this has been fixed via taxonomy hiding for resource types that don't support it, the bug is still possible via the API. For example,

POST /api/v2/filters

{
  "role_id": 9,
  "permission_ids": [98],
  "organization_ids": [1]
}

Result: {
  "id": 152,
  "search": null,
  "resource_type": "Organization",
  "unlimited?": true,
  "created_at": "2014-08-14T13:12:59Z",
  "updated_at": "2014-08-14T13:12:59Z",
  "role": {
    "name": "Test Role",
    "id": 9
  },
  "permissions": [ {
    "name": "edit_organizations",
    "id": 98,
    "resource_type": "Organization"
  }
  ],
  "organizations": [ {
    "id": 1,
    "name": "Default_Organization"
  }
  ],
}
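
The request in comment #13 gets past a check that exists only in the UI, so the rule from revision 0b1527e4 (no taxonomy assignment for resource types that do not support it) has to be enforced where API callers hit it too. A minimal sketch of such a model-level check, added here as an illustration and not Foreman's code; the permission table, the list of taxonomy-scoped resource types and all class and method names are assumptions:

```ruby
# Added illustration, not Foreman's code. All names below are hypothetical.

# Resource types whose records can be scoped by organization (constructed list).
TAXONOMY_SCOPED = %w[Host Domain Subnet].freeze

# Constructed permission table: id => [name, resource_type].
# Id 98 matches the request on this page; id 12 is made up for contrast.
PERMISSIONS = {
  98 => ["edit_organizations", "Organization"],
  12 => ["edit_hosts", "Host"]
}.freeze

class FilterError < StandardError; end

Filter = Struct.new(:role_id, :resource_type, :permission_names, :organization_ids)

# Build a filter from request parameters. The taxonomy check lives here, in
# the model layer, so the UI form and a raw POST go through the same rule.
def build_filter(params)
  perms = Array(params["permission_ids"]).map do |id|
    PERMISSIONS.fetch(id) { raise FilterError, "unknown permission #{id}" }
  end
  raise FilterError, "no permissions given" if perms.empty?

  types = perms.map { |_name, type| type }.uniq
  raise FilterError, "permissions span several resource types" if types.size > 1

  org_ids = Array(params["organization_ids"])
  unless org_ids.empty? || TAXONOMY_SCOPED.include?(types.first)
    # Reject at creation time instead of failing later when the filter is
    # turned into a search on a field the resource does not have.
    raise FilterError, "#{types.first} filters cannot be limited to organizations"
  end

  Filter.new(params["role_id"], types.first, perms.map(&:first), org_ids)
end

# Helper for callers that want the error text instead of an exception.
def try_build(params)
  build_filter(params)
rescue FilterError => e
  e.message
end
```

Passing the request body from comment #13 to `try_build` returns the rejection message, while the same permission without `organization_ids` still yields an unlimited filter.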

#14 Updated by Marek Hulán over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Marek Hulán
  • Target version set to 1.7.4

#15 Updated by The Foreman Bot over 4 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/1726 added
  • Pull request deleted ()

#16 Updated by Dmitri Dolguikh over 4 years ago

  • Target version changed from 1.7.4 to 1.7.3

#17 Updated by Dominic Cleal over 4 years ago

  • Legacy Backlogs Release (now unused) set to 21

#18 Updated by Marek Hulán over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#19 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #7615: Unable to create a non-taxonomy role filter when current context set added
