project managers should be able to modify image attributes of an image belonging to the project

Bug #737360 reported by Devin Carlen
This bug affects 1 person
Affects: OpenStack Dashboard (Horizon)
Status: Fix Released
Importance: High
Assigned to: Gabriel Hurley

Bug Description

There were some problems with the image detail UI showing edit controls even if the user didn't have rights to modify the image. Nova still prevented the operation, but the UI was incorrectly giving the option.

The attached diff was the hotfix of this issue. Further logic is needed to check to see if the signed-in user is a project manager of the current project in context. In this case, the project manager should be able to modify the image.

Essentially:

    IF request.user is projectmanager of image
    OR request.user is image.ownerId

However, in one place image.ownerId was referenced as a user ID, and in another it was referenced as a project ID. We need to find out which it is to properly fix this bug.

Devin Carlen (devcamcar) wrote :
Devin Carlen (devcamcar)
Changed in openstack-dashboard:
status: New → Confirmed
Jesse Andrews (anotherjesse) wrote :

Perhaps the decision on if the edit can occur will be based on RBAC ruleset?

Devin Carlen (devcamcar)
Changed in horizon:
milestone: none → essex-3
Devin Carlen (devcamcar)
Changed in horizon:
milestone: essex-3 → essex-4
Gabriel Hurley (gabriel-hurley) wrote :

Bumping to 2012.1 since there's no patch.

Changed in horizon:
milestone: essex-4 → 2012.1
Thierry Carrez (ttx)
Changed in horizon:
milestone: 2012.1 → essex-rc1
Devin Carlen (devcamcar)
Changed in horizon:
assignee: Devin Carlen (devcamcar) → Nebula (nebula)
Changed in horizon:
milestone: essex-rc1 → none
Changed in horizon:
assignee: Nebula (nebula) → Gabriel Hurley (gabriel-hurley)
milestone: none → essex-rc1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5549

Changed in horizon:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/5549
Committed: http://github.com/openstack/horizon/commit/2a51171517de2890d26130225a60901827fdfd51
Submitter: Jenkins
Branch: master

commit 2a51171517de2890d26130225a60901827fdfd51
Author: Gabriel Hurley <email address hidden>
Date: Mon Mar 19 18:49:01 2012 -0700

    Corrects glance image action permissions.

      * Admins have full permissions to edit and delete images
        from syspanel, plus Glance's client returns a proper
        403 error instead of 401, so inappropriate access no longer
        logs the user out inappropriately. Fixes bug 955744.
      * Regular users can edit and delete if their tenant owns the
        image. Fixes bug 950364 and fixes bug 737360.

    Note, this requires the latest version of Glance.

    Change-Id: Ib816d7e6e1320a9024c5dbe95b04249291ec0463

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: essex-rc1 → 2012.1
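
The rule stated in the merged commit message (admins may always edit and delete; regular users only when their tenant owns the image), as an added example that is not Horizon's code or the attached diff. The `User` and `Image` types, their field names and the sample IDs are assumptions, and the owner field is assumed to hold a tenant (project) ID, which is the reading the commit message settles on.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class User:                 # hypothetical stand-in for request.user
    id: str
    tenant_id: str          # project currently in context
    is_admin: bool = False


@dataclass(frozen=True)
class Image:                # hypothetical stand-in for an image record
    id: str
    owner: Optional[str]    # assumed to be a tenant ID, not a user ID


def can_modify_image(user: User, image: Image) -> bool:
    """Decide whether edit/delete controls should be rendered.

    This is a display decision only. The backend must enforce the same
    rule on every request and answer 403 when it is not satisfied.
    """
    if user.is_admin:
        return True
    # Fail closed when the image has no recorded owner.
    if not image.owner:
        return False
    # Compare tenant to tenant. Comparing the owner field to user.id
    # reproduces the user-ID/project-ID mix-up from the bug description.
    return image.owner == user.tenant_id


def visible_actions(user: User, image: Image) -> List[str]:
    return ["edit", "delete"] if can_modify_image(user, image) else []


# Constructed sample data
ALICE = User(id="u-alice", tenant_id="t-web")
BOB = User(id="u-bob", tenant_id="t-db")
ROOT = User(id="u-root", tenant_id="t-ops", is_admin=True)
WEB_IMAGE = Image(id="img-1", owner="t-web")
ORPHAN = Image(id="img-2", owner=None)

if __name__ == "__main__":
    for u in (ALICE, BOB, ROOT):
        for img in (WEB_IMAGE, ORPHAN):
            print(u.id, img.id, visible_actions(u, img))
```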