Project

General

Profile

Actions

Bug #5664

closed

Users permissions on hosts are not working properly with organizations

Added by Dotan Paz almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hi ,
After an upgrade from 1.4.1 to 1.5 , users are unable to perform their old tasks (build ,run puppet , edit hosts etc) .
After taking a closer look at the user permissions , I've noticed that old user roles were renamed to "Anonymous_<username>_<oldrole> " .
I really have to sort it out quickly since users can't work .
I tried removing the new roles and adding back the old ones but it didn't fix everything ,now those "manually edited" users appear in red under:
organizations --> QE-Test->users
and cannot be associated with the org (qe-test).

Thanks !


Related issues 3 (1 open2 closed)

Related to Foreman - Bug #5879: undefined local variable or method `scoped_search_definition' setting when setting permission filtersClosedDominic Cleal05/22/2014Actions
Related to Foreman - Bug #5541: Filter of resource type Organization can result in error condition when trying to access organization resourcesClosedMarek Hulán05/01/2014Actions
Blocks Foreman - Tracker #4552: New permissions/authorization system issuesNew

Actions
Actions #1

Updated by Dominic Cleal almost 10 years ago

  • Tracker changed from Feature to Bug
  • Target version set to 1.8.3

Were any permissions assigned to the new roles? What permissions were assigned to users in 1.4?

Actions #2

Updated by Dominic Cleal almost 10 years ago

  • Category changed from Authentication to Users, Roles and Permissions
Actions #3

Updated by Marek Hulán almost 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Marek Hulán
Actions #4

Updated by Marek Hulán almost 10 years ago

The migration assigned all filters to user's organizations, however Host filters do not support organizations (they do not include Taxonomix) and hosts can be assigned only to one organization. The code that searches filters raised an exception which is ignored silently and the result of searching was an empty set.

To remove host filter taxonomy associations you can run these two commands in rails console. The second one should print true. Don't forget to backup your database before running it. This will remove any organization assignment of host filters. It may not be your desired setup so be careful.

filters = Filter.all.select { |filter| filter.resource_type == 'Host'&& !filter.taxonomy_search.nil?  }
filters.map { |filter| filter.update_attribute :taxonomy_search, nil }

I'll work on fixing taxonomy filters for hosts and disallowing it for resources that do not support them. Also I'll try to find the silent exception swallowing and remove it.

Actions #5

Updated by Dominic Cleal almost 10 years ago

  • translation missing: en.field_release set to 16
Actions #6

Updated by Dominic Cleal almost 10 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added
Actions #7

Updated by Marek Hulán almost 10 years ago

  • Subject changed from Users permissions in 1.5 are not working properly to Users permissions on hosts are not working properly with organizations
  • Status changed from Assigned to Ready For Testing

Migration works correctly. I fixed the scopes on Host object, since it does not include Taxonomix (because host belongs to one taxonomy) we have to define scope manually.

PR is here https://github.com/theforeman/foreman/pull/1438

Actions #8

Updated by Marek Hulán almost 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #9

Updated by Dominic Cleal almost 10 years ago

  • Related to Bug #5879: undefined local variable or method `scoped_search_definition' setting when setting permission filters added
Actions #10

Updated by Dominic Cleal almost 10 years ago

  • Related to Bug #5541: Filter of resource type Organization can result in error condition when trying to access organization resources added
Actions #11

Updated by Bryan Kearney almost 10 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1107702
Actions

Also available in: Atom PDF