Project

General

Profile

Bug #36272

Read-only user should not see "Purge Trash" action

Added by Ricardo Marques 11 months ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
dashboard/rbd
Target version:
-
Start date:
10/01/2018
Due date:
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

After login with a read-only user, I'm able to see an action that should require "delete" permissions:

s1.png View (8.55 KB) Ricardo Marques, 10/01/2018 04:49 PM

History

#1 Updated by Volker Theile 11 months ago

We should add unit tests for those scenarious to make sure that this does not happen. Hardening the WebUI and make sure a user is not allowed to do actions with higher privileges is really important nowadays.

#2 Updated by Tiago Melo 11 months ago

  • Status changed from New to Need Review

#3 Updated by Ricardo Marques 11 months ago

  • Status changed from Need Review to Resolved

Also available in: Atom PDF