[2.5] Weird user experience for admin role when only has access to one resource pool
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Critical
|
Blake Rouse | ||
Bug Description
I have a MAAS with 2 resource pools (default and test). All machines are under the 'default' resource pool. On the other hand, I have a user with RBAC permissions as such:
Global entities
- all -> No permission
Resource pool
- all -> No permission
- default -> No permission
- test -> Permission as Admin Role.
When I go to the UI:
A. With regards to global entities:
1. I can edit the settings (e.g. I changed the MAAS name in general settings even though it doesn't have 'Global entities' permissions).
B. With regards to resource pools:
1. The user can see that there's only 1 resource pool, instead of 2. He can only see 'test' resource pool.
2. The user can see all the machines in the machine listing under 'resource pool', even though it cannot see the resource pool where they belong. Also note they cannot use them (e.g. release, deploy, etc).
Related branches
- Lee Trager (community): Approve
- Mike Pontillo (community): Approve
- MAAS Lander: Pending (unittests) requested
-
Diff: 277 lines (+100/-34)7 files modifiedsrc/maasserver/macaroon_auth.py (+13/-10)
src/maasserver/models/node.py (+1/-1)
src/maasserver/models/tests/test_node.py (+9/-0)
src/maasserver/rbac.py (+4/-2)
src/maasserver/static/js/angular/controllers/pod_details.js (+7/-3)
src/maasserver/static/js/angular/controllers/tests/test_pod_details.js (+18/-0)
src/maasserver/tests/test_macaroon_auth.py (+48/-18)
| Changed in maas: | |
| milestone: | none → 2.5.1 |
| tags: | added: rbac |
| Changed in maas: | |
| assignee: | nobody → Blake Rouse (blake-rouse) |
| importance: | Undecided → High |
| status: | New → Triaged |
| importance: | High → Critical |
| Changed in maas: | |
| status: | Triaged → In Progress |
| Changed in maas: | |
| status: | In Progress → Fix Committed |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
