Admin auth check seems to override policy rules.
Bug #1336418 reported by Charles V Bock
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Fix Released | Undecided | Justin Pomeroy |
Bug Description
This check for the admin role seems to fly in the face of the RBAC control that keystone now gives us, since is_superuser is based solely on the user having the role of admin.
    if not user.is_superuser:
        raise exceptions.
https:/
For instance, if I give access to the list-users call for people with role "user_lister", this check effectively overrides my policy every time.
This only happens in horizon; via curl / direct API calls there is no such interference.
Thoughts?
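
The mismatch described in the report, as an added example that is not part of the original bug report or Horizon's code: a hard-coded admin-role gate is compared with the policy result over a constructed policy, and every grant the gate silently overrides is listed. The `User` class, the gate and audit functions, the simplified rule evaluator and the sample users are assumptions made for illustration.

```python
# Added illustration: hypothetical names, not Horizon or keystone code.
from dataclasses import dataclass, field

# Constructed policy: the operator grants list_users to a custom role too.
POLICY = {
    "admin_required": "role:admin",
    "identity:list_users": "rule:admin_required or role:user_lister",
}

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

    @property
    def is_superuser(self):
        # As in the report: superuser status comes solely from the admin role.
        return "admin" in self.roles

def policy_allows(action, user, policy=POLICY, _seen=()):
    """Evaluate a simplified rule: 'role:X' / 'rule:Y' checks joined by 'or'."""
    expr = policy.get(action)
    if expr is None or action in _seen:  # unknown rule or cycle: fail closed
        return False
    for check in (c.strip() for c in expr.split(" or ")):
        kind, _, value = check.partition(":")
        if kind == "role" and value in user.roles:
            return True
        if kind == "rule" and policy_allows(value, user, policy, _seen + (action,)):
            return True
    return False

def hardcoded_gate(action, user, policy=POLICY):
    """Reported pattern: the admin-role check runs before policy is consulted."""
    return user.is_superuser and policy_allows(action, user, policy)

def find_overridden_grants(users, policy=POLICY):
    """Return (user, action) pairs that policy grants but the gate denies."""
    return sorted((u.name, a) for u in users for a in policy
                  if policy_allows(a, u, policy) and not hardcoded_gate(a, u, policy))

# Constructed sample users.
USERS = [User("alice", {"admin"}), User("bob", {"user_lister"}),
         User("carol", {"member"})]

if __name__ == "__main__":
    print(find_overridden_grants(USERS))
```

Any pair this audit returns is a permission the operator configured in policy that the role check makes unreachable from the dashboard.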
tags: removed: horizon

Changed in horizon: milestone: none → kilo-1

Changed in horizon: status: Fix Committed → Fix Released

Changed in horizon: milestone: kilo-1 → 2015.1.0
Re-evaluating this... will reopen if it's still an issue.