Bug 2093600

Summary: Project access tab should apply new permissions before it delete old ones
Product: OpenShift Container Platform Reporter: Christoph Jerolimov <cjerolim>
Component: Dev ConsoleAssignee: Lokananda Prabhu <lprabhu>
Status: CLOSED ERRATA QA Contact: spathak <spathak>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.7CC: lprabhu, nmukherj
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 11:16:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
api-calls.mp4 none

Description Christoph Jerolimov 2022-06-04 15:52:23 UTC 
Description of problem:
When a user change the permissions in the project access tab for herself/himself, he might lose his permissions because we delete old RoleBindings before we create the new ones.

To ensure that the user doesn't lock out herself/himself we should update the operation order from delete -> create to create -> delete.

(For example, I lose a role I'm not aware of when playing with the modal in dev sandbox. :D)

Version-Release number of selected component (if applicable):
4.7+

How reproducible:
In theory always, but it's an edge case for a user with limited permissions, like in the sandbox.

Steps to Reproduce:
1. Switch to "Developer" perspective
2. Navigate to project > Project acccess
3. Add a new "user1" + "View" permission and save it.
4. Reload it
5. Open your browser network inspector!
6. Update the "user1" permission to "Edit" and save it.

Actual results:
You see a DELETE RB call, and then a POST (create) RB call.

Expected results:
You should see the POST (create) RB call first, and then a DELETE RB.

Additional info:
Comment 1 Christoph Jerolimov 2022-06-04 15:53:47 UTC 
Created attachment 1886710 [details]
api-calls.mp4
Comment 3 Christoph Jerolimov 2022-06-20 15:54:20 UTC 
Verified on 4.11.0-0.nightly-2022-06-20-084444
Comment 5 errata-xmlrpc 2022-08-10 11:16:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069