karbor-dashboard

general users have rights to restore checkpoints

Bug #1805004 reported by jiaopengju
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
karbor-dashboard
Fix Released
Undecided
jiaopengju

Bug Description

Currently, general users have rights to restore other users' checkpoints. We should add rights check to avoid this security risks.

jiaopengju (pj-jiao)
Changed in karbor-dashboard:
assignee: nobody → jiaopengju (pj-jiao)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/karbor 1.2.0

This issue was fixed in the openstack/karbor 1.2.0 release.

Revision history for this message
Mohamed El Gindi (gindi) wrote :

Why is this considered a bug? It was a very valuable feature for us actually, it allowed cross-project and even cross-cloud backup/restore

Revision history for this message
jiaopengju (pj-jiao) wrote :

Only admin users should have the rights to restore other users' checkpoints. Non admin users can only restore the checkpoints belong to themselves.

jiaopengju (pj-jiao)
Changed in karbor-dashboard:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.