[2.5, RBAC] Pool admins shouldn't be allowed to delete the pool
Bug #1812239 reported by
Björn Tillenius
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
High
|
Alberto Donato |
Bug Description
This is with MAAS 2.5.1-7489-
I have a user that has the Admin role on a single pool.
He's allowed to delete that pool, which he shouldn't.
Only users that have the Admin role in the 'all' resource pool scope
should be allowed to delete resource pools.
The reason is that you should always be allowed to undo something.
If you have permission to delete something, you should have permission
to recreate it.
Related branches
~ack/maas:backport-fix-1812239
- Alberto Donato (community): Approve
-
Diff: 294 lines (+58/-37)16 files modifiedsrc/maasserver/api/resourcepools.py (+2/-1)
src/maasserver/api/tests/test_resourcepool.py (+10/-5)
src/maasserver/forms/__init__.py (+1/-0)
src/maasserver/models/__init__.py (+5/-1)
src/maasserver/permissions.py (+1/-0)
src/maasserver/rbac.py (+11/-0)
src/maasserver/static/js/angular/controllers/nodes_list.js (+2/-5)
src/maasserver/static/js/angular/controllers/tests/test_nodes_list.js (+5/-19)
src/maasserver/static/js/bundle/maas-min.js (+1/-1)
src/maasserver/static/js/bundle/maas-min.js.map (+1/-1)
src/maasserver/static/partials/nodes-list.html (+1/-1)
src/maasserver/tests/test_rbac.py (+10/-0)
src/maasserver/websockets/handlers/resourcepool.py (+1/-1)
src/maasserver/websockets/handlers/tests/test_resourcepool.py (+3/-2)
src/maasserver/websockets/handlers/tests/test_user.py (+2/-0)
src/maasserver/websockets/handlers/user.py (+2/-0)
~ack/maas:fix-rpool-delete-perm-rbac
Merged
into
maas:master
- Lee Trager (community): Approve
- MAAS Lander: Approve
-
Diff: 276 lines (+56/-35)14 files modifiedsrc/maasserver/api/resourcepools.py (+2/-1)
src/maasserver/api/tests/test_resourcepool.py (+10/-5)
src/maasserver/forms/__init__.py (+1/-0)
src/maasserver/models/__init__.py (+5/-1)
src/maasserver/permissions.py (+1/-0)
src/maasserver/rbac.py (+11/-0)
src/maasserver/static/js/angular/controllers/nodes_list.js (+2/-5)
src/maasserver/static/js/angular/controllers/tests/test_nodes_list.js (+5/-19)
src/maasserver/static/partials/nodes-list.html (+1/-1)
src/maasserver/tests/test_rbac.py (+10/-0)
src/maasserver/websockets/handlers/resourcepool.py (+1/-1)
src/maasserver/websockets/handlers/tests/test_resourcepool.py (+3/-2)
src/maasserver/websockets/handlers/tests/test_user.py (+2/-0)
src/maasserver/websockets/handlers/user.py (+2/-0)
tags: | added: rbac |
description: | updated |
Changed in maas: | |
status: | New → Triaged |
milestone: | none → 2.5.1 |
importance: | Undecided → High |
Changed in maas: | |
status: | Triaged → In Progress |
assignee: | nobody → Alberto Donato (ack) |
Changed in maas: | |
status: | In Progress → Fix Committed |
Changed in maas: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.