Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-2666

`create a project` link not backed by RBAC check

XMLWordPrintable

    • Moderate
    • ODC Sprint 227, ODC Sprint 229, ODC Sprint 231
    • 3
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • NA

      Description of problem:

      `create a project` link is enabled for users who do not have permission to create a project. This issue surfaces itself in the developer sandbox.

      Version-Release number of selected component (if applicable):

      4.11.5

      How reproducible:

       

      Steps to Reproduce:

      1. log into dev sandbox, or a cluster where the user does not have permission to create a project
      2. go directly to URL /topology/all-namespaces
      

      Actual results:

      `create a project` link is enabled. Upon clicking the link and submitting the form, the project fails to create; as expected.

      Expected results:

      `create a project` link should only be available to users with the correct permissions.

      Additional info:

      The project list pages are not directly available to the user in the UI through the project selector. The user must go directly to the URL.
      
      It's possible to encounter this situation when a user logs in with multiple accounts and returns to a previous url.

       

            viraj-1 Vikram Raj
            christianvogt Christian Vogt
            Sanket Pathak Sanket Pathak
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: