[rbac] Reader user able to delete a user message
Bug #2009818 reported by
Yosi Ben Shimon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
New
|
Medium
|
Tushar Trambak Gite |
Bug Description
User with reader creds can delete user message.
The expected response code is 403 (forbidden) but the actual response is 204.
Steps to repoduce:
1. Create a volume in such way that will result in a volume in "error" state.
For exmaple, invalid extra_specs in volume type
2. Try to delete the user_message using a reader user
tags: | added: rbac |
Changed in cinder: | |
importance: | Undecided → Medium |
Changed in cinder: | |
status: | In Progress → Invalid |
To post a comment you must log in.
i would like work on this bug.