From e6b7894ba65232af6979f55dfab069ecdeefa849 Mon Sep 17 00:00:00 2001
From: Brandon Dunne <brandondunne@hotmail.com>
Date: Tue, 1 May 2018 09:38:12 -0400
Subject: [PATCH] Merge pull request #17347 from
 yrudman/do-not-changed-user-current-group-when-do-rback-search

Do not change current_group for super admin user when executing Rbac#lookup_user_group
(cherry picked from commit 2d81fcec137de378fbbb377e52f6fcea1baa7124)

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1573540
---
 lib/rbac/filterer.rb           | 22 ++++++++++++----------
 spec/lib/rbac/filterer_spec.rb |  8 ++++++++
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/lib/rbac/filterer.rb b/lib/rbac/filterer.rb
index 8e4e94839232..d689d8a82b75 100644
--- a/lib/rbac/filterer.rb
+++ b/lib/rbac/filterer.rb
@@ -585,16 +585,18 @@ def lookup_user_group(user, userid, miq_group, miq_group_id)
       miq_group_id ||= miq_group.try!(:id)
       return [user, user.current_group] if user && user.current_group_id.to_s == miq_group_id.to_s
 
-      if user
-        if miq_group_id && (detected_group = user.miq_groups.detect { |g| g.id.to_s == miq_group_id.to_s })
-          user.current_group = detected_group
-        elsif miq_group_id && user.super_admin_user?
-          user.current_group = miq_group || MiqGroup.find_by(:id => miq_group_id)
-        end
-      else
-        miq_group ||= miq_group_id && MiqGroup.find_by(:id => miq_group_id)
-      end
-      [user, user.try(:current_group) || miq_group]
+      group = if user
+                if miq_group_id && (detected_group = user.miq_groups.detect { |g| g.id.to_s == miq_group_id.to_s })
+                  user.current_group = detected_group
+                elsif miq_group_id && user.super_admin_user?
+                  miq_group || MiqGroup.find_by(:id => miq_group_id)
+                else
+                  user.try(:current_group)
+                end
+              else
+                miq_group || (miq_group_id && MiqGroup.find_by(:id => miq_group_id))
+              end
+      [user, group]
     end
 
     # for reports, user is currently nil, so use the group filter
diff --git a/spec/lib/rbac/filterer_spec.rb b/spec/lib/rbac/filterer_spec.rb
index 090145042b7c..b92e6abdcac1 100644
--- a/spec/lib/rbac/filterer_spec.rb
+++ b/spec/lib/rbac/filterer_spec.rb
@@ -1970,6 +1970,14 @@ def get_rbac_results_for_and_expect_objects(klass, expected_objects)
         _, group = filter.send(:lookup_user_group, admin, nil, nil, random_group.id)
         expect(group).to eq(random_group)
       end
+
+      it "does not update user.current_group if user is super admin" do
+        admin = FactoryGirl.create(:user_admin)
+        admin_group = admin.current_group
+        random_group = FactoryGirl.create(:miq_group)
+        filter.send(:lookup_user_group, admin, nil, nil, random_group.id)
+        expect(admin.current_group).to eq(admin_group)
+      end
     end
 
     context "user" do