Actions
Bug #47331
closedmgr/dashboard: non-administrator users can't login when telemetry notification is on
% Done:
0%
Source:
Tags:
Backport:
octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Steps to reproduce:
- Create a user with a role other than `administrator`. e.g. pool-manager
- Use the browser with incognito mode to visit the Dashboard (Need Telemetry notification to be on).
- Login with the new user, the user will be redirected to the 403 Forbidden page.
The cause might be that telemetry component checks the user's role, but the new user doesn't have the permission to get `/api/user/<name>`.
See:
https://github.com/ceph/ceph/blob/b54e27093082cc5b1a3bebc0a8b2590efc948e7d/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts#L32-L44
Updated by Lenz Grimmer over 3 years ago
- Assignee set to Tatjana Dehler
Good spotting! Thanks for reporting. @Tatjana, can you please take a look at this? Thank you!
Updated by Tatjana Dehler over 3 years ago
- Status changed from New to In Progress
- Pull request ID set to 37043
Updated by Lenz Grimmer over 3 years ago
- Status changed from In Progress to Pending Backport
- Target version set to v16.0.0
Updated by Nathan Cutler over 3 years ago
- Copied to Backport #47606: octopus: mgr/dashboard: non-administrator users can't login when telemetry notification is on added
Updated by Lenz Grimmer over 3 years ago
- Status changed from Pending Backport to Resolved
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General
Actions