| 2015-05-08 08:58:00 |
Biswajit Mandal |
description |
If a project is added which the user does have a member role, then after selecting from the project list that project, it throws error, permission denied if multi tenancy is enabled, and we have set the cookie for that project which does have member role, so now onwards after clicking to any other config menu items, the same error occurs, as project cookie has been set to the member role project.
So to avoid this, we can have below:
1. Let the member role project be listed in the project list, as we can not get the role list without specifying user/password per tenant and we are not storing the user details, so selecting it, if 403 error comes from keystone, then do not change the project cookie from UI. |
If a project is added which the user does have a member role, then after selecting from the project list that project, it throws error, permission denied if multi tenancy is enabled, and we have set the cookie for that project which does have member role, so now onwards after clicking to any other config menu items, the same error occurs, as project cookie has been set to the member role project.
So to avoid this, we can have below:
1. Let the member role project be listed in the project list, as we can not get the role list without specifying user/password per tenant and we are not storing the user details, so selecting it, if 403 error comes from keystone, then do not change the project cookie from UI.
But one issue with current logic still exists, if the user was having member role on project p1, after login to the UI, if the role gets changed to admin, then that project does not come in the project-list, only way is to logout UI and then login back. |
|
