Views accessible via url even if user doesn't match policy rules
Bug #1741051 reported by
David Gutman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Wishlist
|
David Gutman |
Bug Description
When a user doesn't match the policy rules of a panel then the panel tab is removed from the menu of the left, but panel views are still accessible using directly the url (ex /admin/flavors/).
In most of the case, views won't work correctly because of the lack of right in the backend, but it may cause trouble when you play with policies.
I think it could be more elegant to return directly a "You are not authorized to access this page" from the frontend when user try to access a view of a panel (via url) without matching the policy rules.
Changed in horizon: | |
assignee: | nobody → David Gutman (david.gutman) |
Changed in horizon: | |
status: | New → In Progress |
Changed in horizon: | |
assignee: | David Gutman (david.gutman) → Ivan Kolodyazhny (e0ne) |
Changed in horizon: | |
assignee: | Ivan Kolodyazhny (e0ne) → David Gutman (david.gutman) |
Changed in horizon: | |
assignee: | David Gutman (david.gutman) → Akihiro Motoki (amotoki) |
Changed in horizon: | |
assignee: | Akihiro Motoki (amotoki) → David Gutman (david.gutman) |
Changed in horizon: | |
importance: | Undecided → Wishlist |
milestone: | none → queens-rc1 |
tags: | added: pike-backport-potential |
tags: | added: ocata-backport-potential |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/530928
Review: https:/