Bug 1510786 - Error info should be more precise when create app in project with view role
Summary: Error info should be more precise when create app in project with view role
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Target Release: 3.9.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-11-08 09:02 UTC by Yanping Zhang
Modified: 2018-03-28 14:11 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Web console shows process template page to user without permissions to process templates.
Consequence: The processing of the template will error out.
Fix: Show an error page when the page loads saying that user doesn't have authority to process templates.
Result: User without permissions to process template will be redirected to error page that will tell him that he doesn't have the permissions to process selected template.
Clone Of:
Environment:
Last Closed: 2018-03-28 14:11:22 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2018:0489 | 0 | None | None | None | 2018-03-28 14:11:45 UTC

Description Yanping Zhang 2017-11-08 09:02:30 UTC
Description of problem:
There is a template in project "projecttest". When a view role user creates an app in "protest" from an external URL using the template, this error info shows up: "An error occurred processing the template." The error info is not precise; it should show: User "testuser" cannot create processedtemplates in project "projecttest".

Version-Release number of selected component (if applicable):
OpenShift Master:
v3.7.0-0.197.0
Kubernetes Master:
v1.7.6+a08f5eeb62

How reproducible:
Always

Steps to Reproduce:
1. Create a template in project "projecttest".
# oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json -n projecttest
2. Give user "testuser" the view role on project "projecttest".
# oc policy add-role-to-user view testuser -n projecttest
3. "testuser" logs in to the web console and creates an app from the template in project "projecttest" using an external URL:
https://<openshiftserver>:8443/console/project/projecttest/create/fromtemplate?template=ruby-helloworld-sample&namespace=projecttest
After clicking "Create", check the error info.

Actual results:
3. After clicking "Create", error info shows up: An error occurred processing the template.

Expected results:
3. Should show error info: 
User "testuser" cannot create processedtemplates in project "projecttest"

Additional info:

Comment 1 openshift-github-bot 2017-11-09 23:14:36 UTC
Commits pushed to master at https://github.com/openshift/origin-web-console

https://github.com/openshift/origin-web-console/commit/fd4037640f038c8840a7ef5c1b60a857e35d58ae
Bug 1510786 - Error info should be more precise when create app in project with view role

https://github.com/openshift/origin-web-console/commit/721cde05fe8c386935adc209638700b2476dd228
Merge pull request #2481 from jhadvig/processtemp

Automatic merge from submit-queue.

Bug 1510786 - Error info should be more precise when create app in project with view role

Instead of trying to send a request that will fail, we shouldn't show the "Create" button, if he doesn't have the permissions.

![create](https://user-images.githubusercontent.com/1668218/32555206-6d6f1082-c49c-11e7-80cf-4779131a0e93.png)

Not really sure if we shouldn't hide both `Create | Cancel` but would rather keep the `Cancel` btn for the navigation.

@spadgett PTAL

Comment 2 Jakub Hadvig 2018-01-09 20:05:24 UTC
Fix PR: https://github.com/openshift/origin-web-console/pull/2481

Comment 4 Yadan Pei 2018-01-17 01:54:27 UTC
When a user has no permission to process templates, a full error page is shown when he tries to create an app from the URL:
Error
Access denied
You do not have authority to process templates in project <project-name>.


Move to VERIFIED
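
The behaviour verified above (decide on page load whether the user may create processedtemplates, and show an access-denied page if not), as an added example that is not code from origin-web-console. The function names (canI, templatePageState, describeFailure) and the sample rule lists are hypothetical and constructed for illustration; the last function covers the case from the original report, where the request is sent and rejected.

```javascript
// Added example. canI, templatePageState and describeFailure are hypothetical names.

// Constructed sample: access rules for a read-only user in "projecttest",
// in the apiGroups/resources/verbs shape used by RBAC policy rules.
const viewRules = [
  { apiGroups: ["template.openshift.io"],
    resources: ["templates", "processedtemplates"],
    verbs: ["get", "list", "watch"] },
];
// Constructed sample: the same rules plus "create" on processedtemplates.
const editRules = viewRules.concat([
  { apiGroups: ["template.openshift.io"],
    resources: ["processedtemplates"],
    verbs: ["create"] },
]);

// True if any rule grants verb on group/resource; "*" is a wildcard.
// Missing or malformed rules fail closed.
function canI(rules, group, resource, verb) {
  const has = (list, v) =>
    Array.isArray(list) && (list.includes("*") || list.includes(v));
  return Array.isArray(rules) && rules.some((r) =>
    r && has(r.apiGroups, group) && has(r.resources, resource) && has(r.verbs, verb));
}

// Decide on page load: render the form, or an access-denied page instead.
function templatePageState(rules, project) {
  if (canI(rules, "template.openshift.io", "processedtemplates", "create")) {
    return { showForm: true, error: null };
  }
  return { showForm: false, error: {
    title: "Access denied",
    message: `You do not have authority to process templates in project ${project}.`,
  } };
}

// The UI check is a convenience; the API server still enforces access.
// If the request is rejected anyway, show the server's reason for a 403.
function describeFailure(status) {
  if (status && status.code === 403 && typeof status.message === "string") {
    return status.message;
  }
  return "An error occurred processing the template.";
}
```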

Comment 7 errata-xmlrpc 2018-03-28 14:11:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489

