Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-2666

`create a project` link not backed by RBAC check

    XMLWordPrintable

Details

    • Moderate
    • ODC Sprint 227, ODC Sprint 229, ODC Sprint 231
    • 3
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • NA

    Description

      Description of problem:

      `create a project` link is enabled for users who do not have permission to create a project. This issue surfaces itself in the developer sandbox.

      Version-Release number of selected component (if applicable):

      4.11.5

      How reproducible:

       

      Steps to Reproduce:

      1. log into dev sandbox, or a cluster where the user does not have permission to create a project
2. go directly to URL /topology/all-namespaces

      Actual results:

      `create a project` link is enabled. Upon clicking the link and submitting the form, the project fails to create; as expected.

      Expected results:

      `create a project` link should only be available to users with the correct permissions.

      Additional info:

      The project list pages are not directly available to the user in the UI through the project selector. The user must go directly to the URL.

It's possible to encounter this situation when a user logs in with multiple accounts and returns to a previous url.

       

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-6758 `create a project` link not backed by RBAC check

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is depended on by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-6758 `create a project` link not backed by RBAC check

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/console#12279: OCPBUGS-2666: Add RBAC check on Create a Project link in all-namespaces pages

          Activity

            People

              viraj-1 Vikram Raj
              christianvogt Christian Vogt
              Sanket Pathak Sanket Pathak
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: