Bug 782784

Summary: Action on "New Image" as non admin user shall display "Insufficient privilege" message instead of displaying it at the last
Product: [Retired] CloudForms Cloud Engine Reporter: Shveta <ssachdev>
Component: aeolus-conductorAssignee: Jan Provaznik <jprovazn>
Status: CLOSED NOTABUG QA Contact: wes hayutin <whayutin>
Severity: low Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: akarol, dajohnso, deltacloud-maint, hbrock, matt.wagner, ssachdev
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-22 14:39:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Shveta 2012-01-18 13:01:56 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce: 
1. As a non admin user click on Environments-- > New Image 
2. Upload template continue , save template 
3. At the end message is displayed : "You have insufficient privileges to perform the selected action. " 

Instead this message should be displayed at the click of "New Image" only i.e at the beginning
  
Actual results:


Expected results:


Additional info:

rpm -qa|grep aeolus
aeolus-conductor-daemons-0.8.0-7.el6.noarch
rubygem-aeolus-image-0.3.0-2.el6.noarch
aeolus-configure-2.5.0-4.el6.noarch
rubygem-aeolus-cli-0.3.0-3.el6.noarch
aeolus-conductor-0.8.0-7.el6.noarch
aeolus-all-0.8.0-7.el6.noarch
aeolus-conductor-doc-0.8.0-7.el6.noarch
Comment 1 Matt Wagner 2012-01-19 16:49:40 UTC 
Per-image permissions are not in scope for 1.0. However, we need to have an "Image Creators" sort of role to enable rough controls over who can/cannot create/delete images.
Comment 2 Jan Provaznik 2012-01-19 16:51:30 UTC 
"You have insufficient privileges to perform the selected action. " is displayd after an image is created and user is redirected to deployable create page (privilege message is raised by deployables controller because deployables are permissioned object).

The thing is that we don't have any image permissions now (images are warehouse objects), Matt is going to add 'global pool family USE permissions' for 'image administrator' role. Then we can add privilege check to all images actions.

second part:
<sseago> we should hide the 'make deployable now' option if the user doesn't have permission to make a deployable
Comment 3 Matt Wagner 2012-01-19 22:29:51 UTC 
I made disappointingly little progress today, so I didn't get to this as I had hoped. I did, however, send out a patch for its sister bug, #782420 -- see http://lists.fedorahosted.org/pipermail/aeolus-devel/2012-January/008212.html

Hopefully it'll be easier to build on top of this to check for the privilege.
Comment 4 Jan Provaznik 2012-03-15 08:35:40 UTC 
UI has changed and now it's not possible to create new deployable when creating new image -> this bug can't occur anymore so I would suggest to close this BZ.
Comment 5 Dave Johnson 2012-03-22 14:39:12 UTC 
per comment 4, closing this out