[2.5, RBAC] Non-superuser can't edit their devices

Bug #1811665 reported by Björn Tillenius on 2019-01-14
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
High
Alberto Donato

Bug Description

This is with MAAS 2.5.1-7489-g2f25a2cc0-0ubuntu1~18.04.1 and RBAC enabled.

I log in as a user that has only roles on resource pools, but not on MAAS
globally.

I can add a device successfully, but if I then try to add a new network
interface to the device, the "Save interface" button doesn't work.

I also can't edit the name of the device, nor adding tags, nor delete the device.

This is true for both the UI and the API.

Looking at the logs, I see this:

2019-01-14 11:07:03 maasserver.websockets.protocol: [critical] Error on request
(797) device.create_physical:
        Traceback (most recent call last):
          File "/usr/lib/python3.6/threading.py", line 864, in run
            self._target(*self._args, **self._kwargs)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.
py", line 852, in worker
            return target()
          File "/usr/lib/python3/dist-packages/twisted/_threads/_threadworker.py
", line 46, in work
            task()
          File "/usr/lib/python3/dist-packages/twisted/_threads/_team.py", line 190, in doWork
            task()
        --- <exception caught here> ---
          File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext
            result = inContext.theWork()
          File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>
            inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
          File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext
            return func(*args,**kw)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.py", line 885, in callInContext
            return func(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.py", line 234, in wrapper
            result = func(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/maasserver/utils/orm.py", line 756, in call_within_transaction
            return func_outside_txn(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/maasserver/utils/orm.py", line 563, in retrier
            return func(*args, **kwargs)
          File "/usr/lib/python3.6/contextlib.py", line 52, in inner
            return func(*args, **kwds)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/base.py", line 386, in prep_user_execute
            return method(params)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/handlers/device.py", line 322, in create_physical
            return self.create_interface(params)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/handlers/device.py", line 311, in create_interface
            device = self.get_object(params, permission=self._meta.edit_permission)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/base.py", line 322, in get_object
            raise HandlerPermissionError()
        maasserver.websockets.base.HandlerPermissionError:

Related branches

tags: added: rbac
summary: - [2.5, RBAC] Non-superuser can't add interface to their devices
+ [2.5, RBAC] Non-superuser can't edit their devices
description: updated
Changed in maas:
status: New → Triaged
importance: Undecided → High
milestone: none → 2.5.1
description: updated
description: updated
Alberto Donato (ack) on 2019-01-28
Changed in maas:
assignee: nobody → Alberto Donato (ack)
Alberto Donato (ack) on 2019-01-28
Changed in maas:
status: Triaged → In Progress
Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers