Actions
Bug #36272
closedRead-only user should not see "Purge Trash" action
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
After login with a read-only user, I'm able to see an action that should require "delete" permissions:
Files
Updated by Volker Theile over 5 years ago
We should add unit tests for those scenarious to make sure that this does not happen. Hardening the WebUI and make sure a user is not allowed to do actions with higher privileges is really important nowadays.
Updated by Tiago Melo over 5 years ago
- Status changed from New to Fix Under Review
Updated by Ricardo Marques over 5 years ago
- Status changed from Fix Under Review to Resolved
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 139 to Component - RBD
Actions