Project

General

Profile

Bug #47331

mgr/dashboard: non-administrator users can't login when telemetry notification is on

Added by Kiefer Chang 5 months ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Category:
dashboard/general
Target version:
% Done:

0%

Source:
Tags:
Backport:
octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Steps to reproduce:

  • Create a user with a role other than `administrator`. e.g. pool-manager
  • Use the browser with incognito mode to visit the Dashboard (Need Telemetry notification to be on).
  • Login with the new user, the user will be redirected to the 403 Forbidden page.

The cause might be that telemetry component checks the user's role, but the new user doesn't have the permission to get `/api/user/<name>`.
See:
https://github.com/ceph/ceph/blob/b54e27093082cc5b1a3bebc0a8b2590efc948e7d/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts#L32-L44


Related issues

Copied to mgr - Backport #47606: octopus: mgr/dashboard: non-administrator users can't login when telemetry notification is on Resolved

History

#1 Updated by Lenz Grimmer 5 months ago

  • Assignee set to Tatjana Dehler

Good spotting! Thanks for reporting. @Tatjana, can you please take a look at this? Thank you!

#2 Updated by Tatjana Dehler 5 months ago

  • Status changed from New to In Progress
  • Pull request ID set to 37043

#3 Updated by Lenz Grimmer 4 months ago

  • Status changed from In Progress to Pending Backport
  • Target version set to v16.0.0

#4 Updated by Nathan Cutler 4 months ago

  • Copied to Backport #47606: octopus: mgr/dashboard: non-administrator users can't login when telemetry notification is on added

#5 Updated by Lenz Grimmer 4 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF