From 597804725b87a842c5c83bd5e26536e3d45b2716 Mon Sep 17 00:00:00 2001
From: Gregg Tanzillo <gtanzill@redhat.com>
Date: Thu, 21 Dec 2017 16:27:28 -0500
Subject: [PATCH] Expand scope of report definitions that a user can see

This change expands the existing scope of the current user's group to the current user's tenant
allowing visibility to all reports created by users within the tenant.

The scope was changed in https://github.com/ManageIQ/manageiq/pull/15472 but was too restrictive

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1526058
---
 app/models/miq_report.rb       |  2 +-
 spec/models/miq_report_spec.rb | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/app/models/miq_report.rb b/app/models/miq_report.rb
index 208b0e5d90c..ab03217f175 100644
--- a/app/models/miq_report.rb
+++ b/app/models/miq_report.rb
@@ -59,7 +59,7 @@ class MiqReport < ApplicationRecord
       all
     else
       where(
-        arel_table[:rpt_type].eq('Custom').and(arel_table[:miq_group_id].eq(user.current_group_id))
+        arel_table[:rpt_type].eq('Custom').and(arel_table[:miq_group_id].in(user.current_tenant.miq_groups.pluck(:id)))
         .or(
           arel_table[:rpt_type].eq('Default')
         )
diff --git a/spec/models/miq_report_spec.rb b/spec/models/miq_report_spec.rb
index 7c91bdfc7c0..94281897601 100644
--- a/spec/models/miq_report_spec.rb
+++ b/spec/models/miq_report_spec.rb
@@ -40,6 +40,24 @@
 end
 
 describe MiqReport do
+  context ".for_user" do
+    let(:my_user) { FactoryGirl.create(:user_with_group) }
+    let(:group_in_my_tenant) { FactoryGirl.create(:miq_group, :tenant => my_user.current_tenant) }
+
+    let(:other_tenant) { FactoryGirl.create(:tenant) }
+    let(:group_in_other_tenant) { FactoryGirl.create(:miq_group, :tenant => other_tenant) }
+
+    let!(:my_report) { FactoryGirl.create(:miq_report, :miq_group => my_user.current_group, :rpt_type => "Custom") }
+    let!(:report_in_my_tenant) { FactoryGirl.create(:miq_report, :miq_group => group_in_my_tenant, :rpt_type => "Custom") }
+    let!(:report_in_another_tenant) { FactoryGirl.create(:miq_report, :miq_group => group_in_other_tenant, :rpt_type => "Custom") }
+
+    it "returns reports created by me or anyone in a group in my tenant" do
+      User.current_user = my_user
+
+      expect(described_class.for_user(my_user)).to match_array([my_report, report_in_my_tenant])
+    end
+  end
+
   context "report with filtering in Registry" do
     let(:options)  { {:targets_hash => true, :userid => "admin"} }
     let(:miq_task) { FactoryGirl.create(:miq_task) }