Project

General

Profile

Actions
Copy link

Bug #36272

closed

Read-only user should not see "Purge Trash" action

Added by Ricardo Marques over 5 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Tiago Melo
Category:
Component - RBD
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

After login with a read-only user, I'm able to see an action that should require "delete" permissions:

Files

s1.png (8.55 KB) s1.png Ricardo Marques, 10/01/2018 04:49 PM
Actions
Copy link
 #1

Updated by Volker Theile over 5 years ago

We should add unit tests for those scenarious to make sure that this does not happen. Hardening the WebUI and make sure a user is not allowed to do actions with higher privileges is really important nowadays.

Actions
Copy link
 #2

Updated by Tiago Melo over 5 years ago

  • Status changed from New to Fix Under Review
Actions
Copy link
 #3

Updated by Ricardo Marques over 5 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link
 #4

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 139 to Component - RBD
Actions
Copy link

Also available in: Atom PDF