project managers should be able to modify image attributes of an image belonging to the project

Bug #737360 reported by Devin Carlen on 2011-03-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
High
Gabriel Hurley

Bug Description

There were some problems with the image detail UI showing edit controls even if the user didn't have rights to modify the image. Nova still prevented the operation, but the UI was giving the option to incorrectly.

The attached diff was the hotfix of this issue. Further logic is needed to check to see if the signed in user is a project manager of the current project in context. In this case, the project manager should be able to modify the image.

Essentially:

IF request.user is projectmanager of image
OR request.user is image.ownerId

However, one place image.ownerId was referenced as a user ID, and another it was referenced as a project ID. We need to find out which it is to properly fix this bug.

Devin Carlen (devcamcar) wrote :
Devin Carlen (devcamcar) on 2011-03-18
Changed in openstack-dashboard:
status: New → Confirmed
Jesse Andrews (anotherjesse) wrote :

Perhaps the decision on if the edit can occur will be based on RBAC ruleset?

Devin Carlen (devcamcar) on 2011-11-28
Changed in horizon:
milestone: none → essex-3
Devin Carlen (devcamcar) on 2012-01-17
Changed in horizon:
milestone: essex-3 → essex-4
Gabriel Hurley (gabriel-hurley) wrote :

Bumping to 2012.1 since there's no patch.

Changed in horizon:
milestone: essex-4 → 2012.1
Thierry Carrez (ttx) on 2012-02-29
Changed in horizon:
milestone: 2012.1 → essex-rc1
Devin Carlen (devcamcar) on 2012-03-02
Changed in horizon:
assignee: Devin Carlen (devcamcar) → Nebula (nebula)
Changed in horizon:
milestone: essex-rc1 → none
Changed in horizon:
assignee: Nebula (nebula) → Gabriel Hurley (gabriel-hurley)
milestone: none → essex-rc1

Fix proposed to branch: master
Review: https://review.openstack.org/5549

Changed in horizon:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/5549
Committed: http://github.com/openstack/horizon/commit/2a51171517de2890d26130225a60901827fdfd51
Submitter: Jenkins
Branch: master

commit 2a51171517de2890d26130225a60901827fdfd51
Author: Gabriel Hurley <email address hidden>
Date: Mon Mar 19 18:49:01 2012 -0700

    Corrects glance image action permissions.

      * Admins have full permissions to edit and delete images
        from syspanel, plus Glance's client returns a proper
        403 error instead of 401, so inappropriate access no longer
        logs the user out inappropriately. Fixes bug 955744.
      * Regular users can edit and delete if their tenant owns the
        image. Fixes bug 950364 and fixes bug 737360.

    Note, this requires the latest version of Glance.

    Change-Id: Ib816d7e6e1320a9024c5dbe95b04249291ec0463

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2012-03-20
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in horizon:
milestone: essex-rc1 → 2012.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers