Bug 2140539

Summary: Disable all active elements on VM and Template pages if user have view only permission
Product: Container Native Virtualization (CNV) Reporter: Guohua Ouyang <gouyang>
Component: User ExperienceAssignee: Ugo Palatucci <upalatuc>
Status: CLOSED WONTFIX QA Contact: Guohua Ouyang <gouyang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.12.0CC: danken, gouyang
Target Milestone: ---   
Target Release: 4.12.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2143216 (view as bug list) Environment:
Last Closed: 2023-02-10 04:21:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2143216    
Bug Blocks:    

Description Guohua Ouyang 2022-11-07 05:46:03 UTC 
Description of problem:
Disable all active elements on VM/Template pages if user have view only permission:
- disable VNC connecting/play button in overview tab
- disable the VNC connecting button in standalone view (by click "Open web console")
- disable "Take snapshot" in overview tab
- disable all edit button in details tab
- "environment" tab cannot be loaded, need to figure out what to show there. maybe just keep the top line "Include all values from existing config maps, secrets or service accounts (as disk)" and remove others
- Console tab, need to hide the login credentials and disable the VNC connecting
- disable "Add network interface" button 
- disable "Add disk" button
- disable "Take snapshot" button in snapshot tab
- disable all actions (start/stop/restart/delete ...) in kebab action and action menu.
- apply above rules to templates as well


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Guohua Ouyang 2022-11-07 06:01:44 UTC 
Steps to Reproduce:
1. create a running vm in a project and a template by kubeadmin
2. create a non-admin user and assign view only permission to the project
$ oc adm policy add-role-to-user view test -n default
3. login with non-admin user "test"
4. view VM/template in view only project "default" in web console
Comment 2 Dan Kenigsberg 2022-11-07 06:32:43 UTC 
design note: we should not attempt to re-implement the permission model in GUI. "can the active user do X" questions should be delegated to the back-end.
Comment 3 Ugo Palatucci 2022-11-08 10:44:41 UTC 
about the VNC play/connect button there is a separate bug for that: https://bugzilla.redhat.com/show_bug.cgi?id=2140534
Comment 4 Guohua Ouyang 2022-11-23 04:45:59 UTC 
The issue is still on v4.12.0-172
Comment 6 Guohua Ouyang 2023-02-07 12:30:33 UTC 
The issue is still existing on CNV-v4.12.1-25
Comment 7 Guohua Ouyang 2023-02-10 04:21:50 UTC 
Close the bug until there is a request to backport this to 4.12.z