Description:

Delete other user created repository/tag with Global Readonly Superuser returns 403, if it designed to view only, should the UPDATE actions be hidden?

Quay: RC stable-3-16-v4-19

Steps:

1, Create user1org/user1repo, push tags with regular user user1 (or super user)

2, Login UI with Readonly Super user, go to user1org, select user1repo, in the Actions dropdown list, click Delete/Make public/Make private

3, Go into user1repo, select the tag name, Click any in Actions dropdown list  

Result:

All these UPDATE actions can't be perform, so the better way looks to just hide the "Actions" menu. this can avoid the unclear warning message