Actions
Bug #47331
closedmgr/dashboard: non-administrator users can't login when telemetry notification is on
% Done:
0%
Source:
Tags:
Backport:
octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Steps to reproduce:
- Create a user with a role other than `administrator`. e.g. pool-manager
- Use the browser with incognito mode to visit the Dashboard (Need Telemetry notification to be on).
- Login with the new user, the user will be redirected to the 403 Forbidden page.
The cause might be that telemetry component checks the user's role, but the new user doesn't have the permission to get `/api/user/<name>`.
See:
https://github.com/ceph/ceph/blob/b54e27093082cc5b1a3bebc0a8b2590efc948e7d/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts#L32-L44
Actions