Fixes #24268 - Add permissions to canned admin

[xprazak2]

Depends on theforeman/foreman#5841

[theforeman-bot]

Issues: #24268

[chris1984]

[test katello]

[xprazak2]

Tests will be failing until the foreman part is merged.

[san7ket]

I am getting a error, on rake:compile while I try to compile it with foreman's PR.
Looks like we need a rebase here on katello 3.9.0

rake aborted!
Foreman::Exception: ERF42-2432 [Foreman::Exception]: Invalid role name, only ''Viewer', 'Manager', 'Organization admin', 'System admin'' is allowed to be extended from a plugin
/home/vagrant/foreman/app/registries/foreman/plugin/rbac_support.rb:42:in `check_role_name_before_extending'
/home/vagrant/foreman/app/registries/foreman/plugin/rbac_support.rb:33:in `block in add_permissions_to_default_roles'
/home/vagrant/foreman/app/registries/foreman/plugin/rbac_support.rb:32:in `each'
/home/vagrant/foreman/app/registries/foreman/plugin/rbac_support.rb:32:in `add_permissions_to_default_roles'
/home/vagrant/foreman/app/registries/foreman/plugin.rb:310:in `block (2 levels) in add_permissions_to_default_roles'

[san7ket]

Needs a name change here to System admin

[xprazak2]

Rebased and updated.

[johnsonm325]

[test katello]

[johnsonm325]

@xprazak2 Looks like we have another "rake aborted!" error in the tests.

rake aborted!
ActiveRecord::NoDatabaseError: FATAL:  database "katello-pr-test-3452-development" does not exist

[xprazak2]

[test katello]

[xprazak2]

@johnsonm325, what do I have to do to make the tests pass? The db still fails to get configured properly...

[johnsonm325]

[test katello]

[evgeni]

I think add_permissions_to_default_roles needs to go inside Foreman::Plugin.register :katello do to work properly

[evgeni]

nvm, I can't count.

[xprazak2]

The whole file is one big block, I think it is inside.

[evgeni]

So I had another look at this.

Please have a look at
https://github.com/theforeman/foreman/blob/0c08b71336684e60669fe952ca65e36bd4f7c133/app/registries/foreman/plugin.rb#L317-L324
add_all_permissions_to_default_roles has a return if Foreman.in_setup_db_rake? || !permission_table_exists?, so that function is basically a noop while we run rake db:create. But add_permissions_to_default_roles does not have such a guard, and so it executes, before the table was created and boom.

[evgeni]

Opened https://projects.theforeman.org/issues/25312

[tbrisker]

core side has been merged

[evgeni]

[test katello]

[evgeni]

Tests pass now. Rubocop is unhappy, but that's unrelated to this PR.

[jturel]

[test katello]

[chris1984]

@jturel Tests are passing now

[beav]

is this no longer "blocked by another pr"?

[evgeni]

Correct, both the core feature and the test fix were merged

[san7ket]

Yes, the core feature is merged, I have one question though, if this is merged now, will we still get this in katello 3.9 RC (if there's another) or it goes in 3.10 ?

[jturel]

Looks good. I pinged @zjhuntin on getting it into 3.9 since he is the release owner.

One question - how was the determination made as to which permissions should be applied to 'System admin'

[xprazak2]

'System admin' is supposed to create new organizations and because the organization default content view and library lifecycle env are created during that process, permissions for these two are needed for organization to be successfully created.

[jturel]

Works as advertised 🥇

[jturel]

@san7ket this will be part of 3.9!

[xprazak2]

I opened #7826 with a cp into 3.9 branch.