OpenStack Dashboard (Horizon)

  1. Bug #1741051
  2. Comment #2

Comment 2 for bug 1741051

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/530928
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=3f585d3b1efca1b2379d6c0a80246fd6e5a87640
Submitter: Zuul
Branch: master

commit 3f585d3b1efca1b2379d6c0a80246fd6e5a87640
Author: David Gutman <email address hidden>
Date: Wed Jan 3 14:25:46 2018 +0100

    Views accessible via url even if user doesn't match policy rules

    When a user doesn't match the policy rules of a panel then the panel tab
    is removed from the menu of the left, but panel views are still
    accessible using directly the url (ex /admin/flavors/).

    In most of the case, views won't work correctly because of the lack of
    right in the backend, but it may cause trouble when you play with
    policies.

    I think it could be more elegant to return directly a "You are not
    authorized to access this page" from the frontend when user try to
    access a view of a panel (via url) without matching the policy rules.

    Change-Id: I7bc93fed29568adfc14d5bcadfc8728d3b5cf633
    Closes-Bug: #1741051