Normal Description of problem:
Currently an org member user has been invited to a cluster (has a pending access requests) as either Cluster editor or Machine pool editor roles. Org member user allowed to open the pending AR definition from the cluster and allowed with deny or approve action. Fortunately the backend detect the access issue report the failure on UI dialog. In above case the UI should be handled in better way i.e. do not allow user to update any action around AR if permission is missing. This need to be blocked once user opens the AR model to deny or approve it.
How reproducible:
Always
Steps to Reproduce:
- Launch OCM UI staging.
- Create Access request for a ROSA cluster.
- Go to cluster's Access control tab > OCM roles and access
- Grant a new role either Cluster editor or machine pool editor for one of your org member user. Save it.
- Login with org member user in OCM UI staging.
- Open the Cluster (used in Step 4) and go to Access requests tab.
- Open pending AR.
- Try to deny or approve the AR and save the changes
- Observe the behavior.
Actual results:
At step 8, User has not blocked by approving or deny action from UI although user has no permission to deny or approve the AR. The backend call reported failure due access restriction and blocked user from succeeding above action.
Expected results:
At step7, The user needs to be blocked i.e. an indication about the access permission (as seen in screenshot) with disabled save action should be shown in AR model.
- is related to
-
OCMUI-1992 [OCM UI] Lockbox: user with role AccessTransparencyApprover not permitted to approve/deny
-
- Closed
-
- relates to
-
OCMUI-1718 UI for ROSA Lockbox: Details View
-
- Closed
-
- mentioned on
