Merge pull request ManageIQ#17347 from yrudman/do-not-changed-user-cu…

…rrent-group-when-do-rback-search

Do not change current_group for super admin user when executing Rbac#lookup_user_group
(cherry picked from commit 2d81fce)

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1573540

lib/rbac/filterer.rb

@@ -585,16 +585,18 @@ def lookup_user_group(user, userid, miq_group, miq_group_id)
  miq_group_id ||= miq_group.try!(:id)
  return [user, user.current_group] if user && user.current_group_id.to_s == miq_group_id.to_s
 
- if user
- if miq_group_id && (detected_group = user.miq_groups.detect { |g| g.id.to_s == miq_group_id.to_s })
- user.current_group = detected_group
- elsif miq_group_id && user.super_admin_user?
- user.current_group = miq_group || MiqGroup.find_by(:id => miq_group_id)
- end
- else
- miq_group ||= miq_group_id && MiqGroup.find_by(:id => miq_group_id)
- end
- [user, user.try(:current_group) || miq_group]
+ group = if user
+ if miq_group_id && (detected_group = user.miq_groups.detect { |g| g.id.to_s == miq_group_id.to_s })
+ user.current_group = detected_group
+ elsif miq_group_id && user.super_admin_user?
+ miq_group || MiqGroup.find_by(:id => miq_group_id)
+ else
+ user.try(:current_group)
+ end
+ else
+ miq_group || (miq_group_id && MiqGroup.find_by(:id => miq_group_id))
+ end
+ [user, group]
  end
 
  # for reports, user is currently nil, so use the group filter

spec/lib/rbac/filterer_spec.rb

@@ -1970,6 +1970,14 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
  _, group = filter.send(:lookup_user_group, admin, nil, nil, random_group.id)
  expect(group).to eq(random_group)
  end
+
+ it "does not update user.current_group if user is super admin" do
+ admin = FactoryGirl.create(:user_admin)
+ admin_group = admin.current_group
+ random_group = FactoryGirl.create(:miq_group)
+ filter.send(:lookup_user_group, admin, nil, nil, random_group.id)
+ expect(admin.current_group).to eq(admin_group)
+ end
  end
 
  context "user" do