Bug 2143216

Summary: Disable all active elements on VM and Template pages if user have view only permission
Product: Container Native Virtualization (CNV) Reporter: Ugo Palatucci <upalatuc>
Component: User ExperienceAssignee: Ugo Palatucci <upalatuc>
Status: CLOSED MIGRATED QA Contact: Guohua Ouyang <gouyang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.12.0CC: danken, gouyang
Target Milestone: ---   
Target Release: 4.14.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2140539 Environment:
Last Closed: 2023-08-22 11:13:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2140539    

Description Ugo Palatucci 2022-11-16 11:29:40 UTC 
+++ This bug was initially created as a clone of Bug #2140539 +++

Description of problem:
Disable all active elements on VM/Template pages if user have view only permission:
- disable VNC connecting/play button in overview tab
- disable the VNC connecting button in standalone view (by click "Open web console")
- disable "Take snapshot" in overview tab
- disable all edit button in details tab
- "environment" tab cannot be loaded, need to figure out what to show there. maybe just keep the top line "Include all values from existing config maps, secrets or service accounts (as disk)" and remove others
- Console tab, need to hide the login credentials and disable the VNC connecting
- disable "Add network interface" button 
- disable "Add disk" button
- disable "Take snapshot" button in snapshot tab
- disable all actions (start/stop/restart/delete ...) in kebab action and action menu.
- apply above rules to templates as well


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Guohua Ouyang on 2022-11-07 06:01:44 UTC ---

Steps to Reproduce:
1. create a running vm in a project and a template by kubeadmin
2. create a non-admin user and assign view only permission to the project
$ oc adm policy add-role-to-user view test -n default
3. login with non-admin user "test"
4. view VM/template in view only project "default" in web console

--- Additional comment from Dan Kenigsberg on 2022-11-07 06:32:43 UTC ---

design note: we should not attempt to re-implement the permission model in GUI. "can the active user do X" questions should be delegated to the back-end.

--- Additional comment from Ugo Palatucci on 2022-11-08 10:44:41 UTC ---

about the VNC play/connect button there is a separate bug for that: https://bugzilla.redhat.com/show_bug.cgi?id=2140534
Comment 2 Guohua Ouyang 2022-11-23 04:12:50 UTC 
Failed to verify the bug on v4.13.0-1141
Comment 3 Guohua Ouyang 2022-12-13 07:32:52 UTC 
Failed to verify the bug on v4.13.0-1239
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2300990
Comment 5 Ugo Palatucci 2023-02-22 15:34:11 UTC 
Don't understand what's wrong @gouyang
Comment 6 Guohua Ouyang 2023-02-23 02:07:49 UTC 
(In reply to Ugo Palatucci from comment #5)
> Don't understand what's wrong @gouyang

The issue is still existing there, you can check it on cluster uit-413-dev with the regular user 'tests' under ns 'default'.