| Summary: | Non admin user is able to delete the imported image after Revoking the role of "Image Administrator" | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | Shveta <ssachdev> |
| Component: | aeolus-conductor | Assignee: | Scott Seago <sseago> |
| Status: | CLOSED ERRATA | QA Contact: | pushpesh sharma <psharma> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 1.0.0 | CC: | akarol, bbandari, deltacloud-maint, hbrock, psharma, ssachdev |
| Target Milestone: | beta5 | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-05-15 22:37:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Shveta
2012-02-15 09:48:54 UTC
"push all " button is hidden after revoking the role of "Image Admin" but user can build and push to individual providers, then whats the point in hiding "push all" button. No action on images should be allowed Ahh, yes this looks like a fairly straightforward bug -- the 'delete' action isn't being filtered on permissions. Pushed to master: 570f0138508af369f41e2950b3aa632d0ea606dd User is not able to import new images,delete images,push,build images after revoking the image admin permissions. Marking this bug as verified based on the above observation. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0583.html |