Bug 1355684

Summary: [userinterface_public_661] Project list page still display delete button when user only has view permission to the project
Product: OKD Reporter: XiaochuanWang <xiaocwan>
Component: Management ConsoleAssignee: Jakub Hadvig <jhadvig>
Status: CLOSED NOTABUG QA Contact: Yadan Pei <yapei>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: aos-bugs, jforrest, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-12 11:45:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description XiaochuanWang 2016-07-12 08:59:22 UTC 
Description of problem:
After granted only view role to another user, the viewer still see delete button on project list page which is not expected, but display on other pages based on authority are correct
US: https://trello.com/c/UQEUgVrY/661-3-only-show-users-actions-they-have-authority-to-perform

Version-Release number of selected component (if applicable):
openshift v1.3.0-alpha.2+522a826-dirty
kubernetes v1.3.0+57fb9ac
etcd 2.3.0+git

How reproducible:
Always

Steps to Reproduce:
1. Create a new project and add app
$ oc process -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json | oc create -f - -n cluster-test
2. add "view" role to another user
$ oc policy add-role-to-user view testviewer -n cluster-test
3. Login with user "testviewer" on web console
4. Check delete button from project list page
5. Check edit/delete options about resources like BC/DC/Builds/Deployements/Services/"Other Resources"

Actual results:
Step4. Viewer still see delete button on project list page

Expected results:
Step4. Viewer should not see delete button on project list page

Additional info:
Code built up process refer to http://pastebin.test.redhat.com/391401
Comment 1 Jakub Hadvig 2016-07-12 11:45:34 UTC 
We talked about this with jforrester and for now we will keep this logic on the project list page, since we dont have pagination, and in case of a lot of projects the number of API calls would equal number of projects.
So until we have the pagination on the project list page, we will display the delete button.
Comment 2 Jessica Forrester 2016-07-12 14:45:25 UTC 
Yep confirming what jhadvig said.  We have a technical limitation with getting what you can do for the top level list of projects.  We will try and improve this use case in a later release if possible.