Bug #5550
open
assigning resource to org or location only available via org/loc api
Description
The way to add a compute resource to an organization is to pass it to the org update api in the compute_resource_ids field. This field, however, must contain all the ids not just the one being added.
To do this, first a call must be made to get the org, then the new compute resource id can be added, and then update called.
However, consider the case where a user, through their roles, only has a subset of the compute resources visible. Following the steps above, they would get just the existing compute resources they had permission to see, add the new compute resource id to the list, and call update. This would (attempt to?) remove all the other compute resources that the user did not have visibility into on that org.
The same applies for locations since they are implemented similarly through taxonomy.
Updated by Thomas McKay almost 10 years ago
- Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1103157
Updated by Dominic Cleal almost 10 years ago
- Project changed from Katello to Foreman
- Category changed from 81 to API
Updated by Tom Caspy over 9 years ago
this is interesting...
It isn't a "bug" per se, it's an improvement to the ActiveRecord API.
Basically, Active Record expects the setter to have all ids, which makes sense. as we invoke the foo_ids= method. This would require adding a method to add / remove ids from lists, which makes sense, but isn't by design. I think this should be discussed before we implement this.