Description of problem: After granted only view role to another user, the viewer still see delete button on project list page which is not expected, but display on other pages based on authority are correct US: https://trello.com/c/UQEUgVrY/661-3-only-show-users-actions-they-have-authority-to-perform Version-Release number of selected component (if applicable): openshift v1.3.0-alpha.2+522a826-dirty kubernetes v1.3.0+57fb9ac etcd 2.3.0+git How reproducible: Always Steps to Reproduce: 1. Create a new project and add app $ oc process -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json | oc create -f - -n cluster-test 2. add "view" role to another user $ oc policy add-role-to-user view testviewer -n cluster-test 3. Login with user "testviewer" on web console 4. Check delete button from project list page 5. Check edit/delete options about resources like BC/DC/Builds/Deployements/Services/"Other Resources" Actual results: Step4. Viewer still see delete button on project list page Expected results: Step4. Viewer should not see delete button on project list page Additional info: Code built up process refer to http://pastebin.test.redhat.com/391401
We talked about this with jforrester and for now we will keep this logic on the project list page, since we dont have pagination, and in case of a lot of projects the number of API calls would equal number of projects. So until we have the pagination on the project list page, we will display the delete button.
Yep confirming what jhadvig said. We have a technical limitation with getting what you can do for the top level list of projects. We will try and improve this use case in a later release if possible.