project detail link needs policy check
Bug #1418246 reported by
David Lyle
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
High
|
Eric Peterson |
Bug Description
The projects panel is visible to end user and admin alike. The policy for listing user projects is admin_or_owner by default. The policy for getting project is admin_only. This causes the links to details for the end user to raise an error dialog. The link should not be active if the user does not have appropriate roles to get the details.
A general fix is needed for links in tables.
Changed in horizon: | |
assignee: | Alok Barsode (alok-barsode) → Eric Peterson (ericpeterson-l) |
status: | New → In Progress |
Changed in horizon: | |
assignee: | Eric Peterson (ericpeterson-l) → qiaomin032 (chen-qiaomin) |
Changed in horizon: | |
importance: | Low → Medium |
importance: | Medium → High |
Changed in horizon: | |
assignee: | qiaomin032 (chen-qiaomin) → Lin Hua Cheng (lin-hua-cheng) |
Changed in horizon: | |
assignee: | Lin Hua Cheng (lin-hua-cheng) → Eric Peterson (ericpeterson-l) |
To post a comment you must log in.
hi David, would you mind if I work on this one ?
I did a quick fixed for this with the following 1 line code in class TenantsTable( tables. DataTable) {openstack_ dashboard/ dashboards/ identity/ projects/ tables. py :} :
instead of hard coding the link attribute in the 'name' column I put a conditional: horizon: identity: projects: detail" ),
- link=("
+ link= (lambda obj: getattr(obj, 'link', None)),
and set the link attribute in IndexView to either "horizon: identity: projects: detail" or "None" depending on the user.
What would this be the right approach to fix this?
Thanks!