Juniper Openstack

[UI] Config pages not accessible if added some member role project to the user

Bug #1451313 reported by Biswajit Mandal
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R2.20
Fix Committed
High
Biswajit Mandal
Juniper Openstack r2.20-fcs
Trunk
Fix Committed
High
Biswajit Mandal
Juniper Openstack r3.0-fcs

Bug Description

If a project is added which the user does have a member role, then after selecting from the project list that project, it throws error, permission denied if multi tenancy is enabled, and we have set the cookie for that project which does have member role, so now onwards after clicking to any other config menu items, the same error occurs, as project cookie has been set to the member role project.

So to avoid this, we can have below:
1. Let the member role project be listed in the project list, as we can not get the role list without specifying user/password per tenant and we are not storing the user details, so selecting it, if 403 error comes from keystone, then do not change the project cookie from UI.

But one issue with current logic still exists, if the user was having member role on project p1, after login to the UI, if the role gets changed to admin, then that project does not come in the project-list, only way is to logout UI and then login back.

See original description
Tags: blocker ui
Rahul (rahuls)
Changed in juniperopenstack:
assignee: Rahul (rahuls) → Biswajit Mandal (bmandal)
Rahul (rahuls)
Changed in juniperopenstack:
importance: Undecided → High
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : master

Review in progress for https://review.opencontrail.org/10003
Submitter: Biswajit Mandal (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : R2.20

Review in progress for https://review.opencontrail.org/10004
Submitter: Biswajit Mandal (<email address hidden>)

Ashish Ranjan (aranjan-n)
information type: Proprietary → Public
Biswajit Mandal (bmandal)
description: updated
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/10004
Committed: http://github.org/Juniper/contrail-web-core/commit/312746c6bbdd9e961d16d5cb31b062b45216d4e2
Submitter: Zuul
Branch: R2.20

commit 312746c6bbdd9e961d16d5cb31b062b45216d4e2
Author: Biswajit Mandal <email address hidden>
Date: Wed May 6 16:40:54 2015 +0530

Related-Bug: #1451313
1. After login, while getting the project-list request from client, get the
project list from keystone, if any project is not listed in
req.session.tokenObjs, then send token/role request for this project to
keystone, save the token and role information, if the role is admin, then add
this to the project list to be sent to UI.
2. Corrected the tokenid POST data in case keystone v3

Change-Id: I18a517636a90f80f9c2de939d7d222b56c91d7ef

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/10003
Committed: http://github.org/Juniper/contrail-web-core/commit/c913243adfe9d5588a25a2b7bce172e9f32cdd2e
Submitter: Zuul
Branch: master

commit c913243adfe9d5588a25a2b7bce172e9f32cdd2e
Author: Biswajit Mandal <email address hidden>
Date: Wed May 6 16:40:54 2015 +0530

Related-Bug: #1451313
1. After login, while getting the project-list request from client, get the
project list from keystone, if any project is not listed in
req.session.tokenObjs, then send token/role request for this project to
keystone, save the token and role information, if the role is admin, then add
this to the project list to be sent to UI.
2. Corrected the tokenid POST data in case keystone v3

Change-Id: I18a517636a90f80f9c2de939d7d222b56c91d7ef

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.