Project

General

Profile

Actions

Bug #20165

closed

API - non-admin user can't create entities within org and loc he belongs to

Added by Marek Hulán over 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Organizations and Locations
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1464137

Description of problem:
Newly created non-admin user with create permissions can't create entity within organization and location he belongs to (in example below it is Subnet and 'create_subnets'). Other entities affected as well (tested with Subnet, Host and Domain).

Making HTTP POST request to https://sat6.com/api/v2/users with options... and data {"user": {..., "location_ids": [491], "organization_ids": [490]}}.

Received HTTP 201 response: {"default_location":null,"locations":[{"id":491,"name":"OgyTrUojzLM","title":"OgyTrUojzLM","description":null}],"default_organization":null,"organizations":[{"id":490,"name":"hfspaJbBY","title":"hfspaJbBY","description":null}],...}

Making HTTP POST request to https://sat6.com/api/v2/subnets with options ... and data {"subnet": {..., "location_ids": [491], "organization_ids": [490]}}.

Received HTTP 422 response: {
"error": {"id":null,"errors":{"organization_ids":["Invalid organizations selection, you must select at least one of yours"],"location_ids":["Invalid locations selection, you must select at least one of yours"]},"full_messages":["Organization ids Invalid organizations selection, you must select at least one of yours","Location ids Invalid locations selection, you must select at least one of yours"]}

Version-Release number of selected component (if applicable):
Satellite 6.3 Snap 3.0:
  • satellite-6.3.0-15.0.beta.el7sat.noarch
  • foreman-1.15.0-1.el7sat.noarch
  • katello-3.4.1-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Create non-admin user with org and loc and grant create permissions (e.g. create_domains)
2. Try to create entity (e.g. Domain)
3. Check whether it was created or error is raised

Actual results:
422 error

Expected results:
Entity should be created

Additional info:

It's caused by the fact the user was not granted "assign_location" and "assign_organization". This is "expected behavior" but the error message should be updated to better explain what's going on.

Actions #1

Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán
  • Pull request https://github.com/theforeman/foreman/pull/4632 added
Actions #2

Updated by Anonymous over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #3

Updated by Marek Hulán over 6 years ago

  • Subject changed from API - non-admin user can't create entities within org and loc he belongs to to API - non-admin user can't create entities within org and loc he belongs to
  • translation missing: en.field_release set to 240
Actions

Also available in: Atom PDF