Views accessible via url even if user doesn't match policy rules
Bug #1741051 reported by
David Gutman
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Dashboard (Horizon) |
Fix Released
|
Wishlist
|
David Gutman | ||
Bug Description
When a user doesn't match the policy rules of a panel then the panel tab is removed from the menu of the left, but panel views are still accessible using directly the url (ex /admin/flavors/).
In most of the case, views won't work correctly because of the lack of right in the backend, but it may cause trouble when you play with policies.
I think it could be more elegant to return directly a "You are not authorized to access this page" from the frontend when user try to access a view of a panel (via url) without matching the policy rules.
| Changed in horizon: | |
| assignee: | nobody → David Gutman (david.gutman) |
| Changed in horizon: | |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (master) | #1 |
| Changed in horizon: | |
| assignee: | David Gutman (david.gutman) → Ivan Kolodyazhny (e0ne) |
| Changed in horizon: | |
| assignee: | Ivan Kolodyazhny (e0ne) → David Gutman (david.gutman) |
| Changed in horizon: | |
| assignee: | David Gutman (david.gutman) → Akihiro Motoki (amotoki) |
| Changed in horizon: | |
| assignee: | Akihiro Motoki (amotoki) → David Gutman (david.gutman) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to horizon (master) | #2 |
| Changed in horizon: | |
| status: | In Progress → Fix Released |
| Changed in horizon: | |
| importance: | Undecided → Wishlist |
| milestone: | none → queens-rc1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/horizon 13.0.0.0rc1 | #3 |
| tags: | added: pike-backport-potential |
| tags: | added: ocata-backport-potential |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (stable/pike) | #4 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (stable/ocata) | #5 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote | #6 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on horizon (stable/pike) | #7 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on horizon (stable/ocata) | #8 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to horizon (stable/pike) | #9 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to horizon (stable/pike) | #10 |
| tags: | added: in-stable-pike |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on horizon (stable/ocata) | #11 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/horizon 12.0.3 | #12 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/