From 4bfb191bf39ffcfbfd1612d80fa75a670f0925da Mon Sep 17 00:00:00 2001
From: Keenan Brock <keenan@thebrocks.net>
Date: Sat, 18 Aug 2018 22:24:25 -0400
Subject: [PATCH 1/2] Set the cred.manager to an EMS not a Provider

Credentials created by EmsRefresh set the credential.manager to the
AutomationManager not a Provider. This causes issues where
credential.manager is expected to be an ExtManagementSystem type.
---
 spec/requests/authentications_spec.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/spec/requests/authentications_spec.rb b/spec/requests/authentications_spec.rb
index fb11dd2fe5..8396267a5c 100644
--- a/spec/requests/authentications_spec.rb
+++ b/spec/requests/authentications_spec.rb
@@ -1,7 +1,7 @@
 RSpec.describe 'Authentications API' do
-  let(:provider) { FactoryGirl.create(:provider_ansible_tower) }
-  let(:auth) { FactoryGirl.create(:ansible_cloud_credential, :resource => provider) }
-  let(:auth_2) { FactoryGirl.create(:ansible_cloud_credential, :resource => provider) }
+  let(:manager) { FactoryGirl.create(:automation_manager_ansible_tower) }
+  let(:auth) { FactoryGirl.create(:ansible_cloud_credential, :resource => manager) }
+  let(:auth_2) { FactoryGirl.create(:ansible_cloud_credential, :resource => manager) }
 
   describe 'GET/api/authentications' do
     it 'lists all the authentication configuration script bases with an appropriate role' do
@@ -59,7 +59,6 @@
   end
 
   describe 'POST /api/authentications' do
-    let(:manager) { provider.managers.first }
     let(:params) do
       {
         :id          => auth.id,

From a88382bfb8da9d2066f9b944550968e03286dcb0 Mon Sep 17 00:00:00 2001
From: Keenan Brock <keenan@thebrocks.net>
Date: Thu, 9 Aug 2018 16:24:55 -0400
Subject: [PATCH 2/2] Change request_controller special privileges

bf3b8020 moved us away from user.is_admin?
This is based upon the miq_request_superadmin feature.
The UI used a different feature, miq_request_approval.

This changes the feature identifier to make the UI and API the same.

miq_request_superadmin will be deprecated

https://bugzilla.redhat.com/show_bug.cgi?id=1608554
---
 spec/requests/automation_requests_spec.rb | 4 ++--
 spec/requests/provision_requests_spec.rb  | 6 +++---
 spec/requests/requests_spec.rb            | 4 ++--
 spec/requests/service_requests_spec.rb    | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/spec/requests/automation_requests_spec.rb b/spec/requests/automation_requests_spec.rb
index e8607e9b01..9bf367aa7a 100644
--- a/spec/requests/automation_requests_spec.rb
+++ b/spec/requests/automation_requests_spec.rb
@@ -46,7 +46,7 @@
     end
 
     it "lists all the automation requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       automation_request1 = FactoryGirl.create(:automation_request, :requester => other_user)
       automation_request2 = FactoryGirl.create(:automation_request, :requester => @user)
@@ -77,7 +77,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       automation_request = FactoryGirl.create(:automation_request, :requester => other_user)
       api_basic_authorize action_identifier(:automation_requests, :read, :resource_actions, :get)
diff --git a/spec/requests/provision_requests_spec.rb b/spec/requests/provision_requests_spec.rb
index b7c53f3b93..8fce52da73 100644
--- a/spec/requests/provision_requests_spec.rb
+++ b/spec/requests/provision_requests_spec.rb
@@ -222,7 +222,7 @@
     end
 
     it "lists all the provision requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       provision_request1 = FactoryGirl.create(:miq_provision_request, :requester => other_user)
       provision_request2 = FactoryGirl.create(:miq_provision_request, :requester => @user)
@@ -253,7 +253,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       provision_request = FactoryGirl.create(:miq_provision_request, :requester => other_user)
       api_basic_authorize action_identifier(:provision_requests, :read, :resource_actions, :get)
@@ -383,7 +383,7 @@
     let(:provreq2_url)  { api_provision_request_url(nil, provreq2) }
 
     before do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
     end
 
     it "supports approving a request" do
diff --git a/spec/requests/requests_spec.rb b/spec/requests/requests_spec.rb
index 900ee70e77..2d6972d87f 100644
--- a/spec/requests/requests_spec.rb
+++ b/spec/requests/requests_spec.rb
@@ -71,7 +71,7 @@
     end
 
     it "lists all the service requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       service_request_1 = FactoryGirl.create(:service_template_provision_request,
                                              :requester   => other_user,
@@ -98,7 +98,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       service_request = FactoryGirl.create(:service_template_provision_request,
                                            :requester   => other_user,
diff --git a/spec/requests/service_requests_spec.rb b/spec/requests/service_requests_spec.rb
index b6e062da6a..594627f582 100644
--- a/spec/requests/service_requests_spec.rb
+++ b/spec/requests/service_requests_spec.rb
@@ -233,7 +233,7 @@ def expect_result_to_have_user_email(email)
     end
 
     it "lists all the service requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       service_request_1 = FactoryGirl.create(:service_template_provision_request,
                                              :requester   => other_user,
@@ -260,7 +260,7 @@ def expect_result_to_have_user_email(email)
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_approval))
       other_user = FactoryGirl.create(:user)
       service_request = FactoryGirl.create(:service_template_provision_request,
                                            :requester   => other_user,