Project/Volumes page do not respect policy.json value
Bug #1579111 reported by
Paul Karikh
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Daniel Castellanos | ||
Bug Description
Let's assume that user/operator wants to restrict access to the Volumes page via policy.json file.
Looks like the best way to do it is to set '"volume:get_all": ["rule:
But if we do so and restart Horizon - nothing happens.
Volumes panel has following restrictions:
permissions = ('openstack.
Looks like we need to add some policy checks for this panel.
Revision history for this message
| Rob Cresswell (robcresswell-deactivatedaccount) wrote | #1 |
| Changed in horizon: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| importance: | High → Medium |
| milestone: | none → next |
| summary: |
- Project/Volumes page do not respect polic.json value + Project/Volumes page do not respect policy.json value |
| Changed in horizon: | |
| assignee: | nobody → Daniel Castellanos (luis-daniel-castellanos) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (master) | #2 |
| Changed in horizon: | |
| status: | Confirmed → In Progress |
Revision history for this message
| David Lyle (david-lyle) wrote | #3 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to horizon (master) | #4 |
| Changed in horizon: | |
| status: | In Progress → Fix Released |
| Changed in horizon: | |
| milestone: | next → ocata-1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/horizon 11.0.0.0b1 | #5 |
To post a comment you must log in.
We should only block the panel when both get all and create are blocked; technically there could be a time when someone would allow creation but not listing, and we shouldn't block that regardless of obscurity.