Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-6758

`create a project` link not backed by RBAC check

XMLWordPrintable

    • Moderate
    • None
    • ODC Sprint 231
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      `create a project` link is enabled for users who do not have permission to create a project. This issue surfaces itself in the developer sandbox.

      Version-Release number of selected component (if applicable):

      4.11.5

      How reproducible:

       

      Steps to Reproduce:

      1. log into dev sandbox, or a cluster where the user does not have permission to create a project
      2. go directly to URL /topology/all-namespaces
      

      Actual results:

      `create a project` link is enabled. Upon clicking the link and submitting the form, the project fails to create; as expected.

      Expected results:

      `create a project` link should only be available to users with the correct permissions.

      Additional info:

      The project list pages are not directly available to the user in the UI through the project selector. The user must go directly to the URL.
      
      It's possible to encounter this situation when a user logs in with multiple accounts and returns to a previous url.

       

        1. image-2022-10-20-16-50-22-819.png
          122 kB
          Vikram Raj
        2. Screenshot from 2023-02-13 17-25-21.png
          155 kB
          Sanket Pathak
        3. Screenshot from 2023-02-13 17-48-03.png
          65 kB
          Sanket Pathak

              viraj-1 Vikram Raj
              christianvogt Christian Vogt
              Sanket Pathak Sanket Pathak
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: