Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1510786

Summary: Error info should be more precise when create app in project with view role
Product: OpenShift Container Platform Reporter: Yanping Zhang <yanpzhan>
Component: Management ConsoleAssignee: Jakub Hadvig <jhadvig>
Status: CLOSED ERRATA QA Contact: Yadan Pei <yapei>
Severity: low Docs Contact:
Priority: low    
Version: 3.7.0CC: aos-bugs, jforrest, jhadvig, jokerman, mmccomas, spadgett, yapei
Target Milestone: ---Keywords: Regression
Target Release: 3.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Web console shows process template page to user without permissions to process templates. Consequence: The processing of the template will error out. Fix: Show an error page when the page loads saying that user doesn't have authority to process templates. Result: User without permissions to process template will be redirected to error page that will tell him that he doesn't have the permissions to process selected template.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-28 14:11:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yanping Zhang 2017-11-08 09:02:30 UTC 
Description of problem:
There is a template in project "projecttest", when a view role user create app in "protest" from external url using the template, error info shows up: "An error occurred processing the template." The error info is not precise, should show: User "testuser" cannot create processedtemplates in project "projecttest" .

Version-Release number of selected component (if applicable):
OpenShift Master:
v3.7.0-0.197.0
Kubernetes Master:
v1.7.6+a08f5eeb62

How reproducible:
Always

Steps to Reproduce:
1.Create a template in project "projecttest".
#oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json -n projecttest
2.Give user "testuser" view role to project "projecttest"
# oc policy add-role-to-user view testuser -n projecttest
3."testuser" login on web console, create app from template in project "projecttest" using external url:
https://<openshiftserver>:8443/console/project/projecttest/create/fromtemplate?template=ruby-helloworld-sample&namespace=projecttest
After click "Create", check the error info.

Actual results:
3.After click "Create", error info shows up: An error occurred processing the template.

Expected results:
3. Should show error info: 
User "testuser" cannot create processedtemplates in project "projecttest"

Additional info:
Comment 1 openshift-github-bot 2017-11-09 23:14:36 UTC 
Commits pushed to master at https://github.com/openshift/origin-web-console

https://github.com/openshift/origin-web-console/commit/fd4037640f038c8840a7ef5c1b60a857e35d58ae
Bug 1510786 - Error info should be more precise when create app in project with view role

https://github.com/openshift/origin-web-console/commit/721cde05fe8c386935adc209638700b2476dd228
Merge pull request #2481 from jhadvig/processtemp

Automatic merge from submit-queue.

Bug 1510786 - Error info should be more precise when create app in project with view role

Instead of trying to send a request that will fail, we shouldn't show the "Create" button, if he doesn't have the permissions.

![create](https://user-images.githubusercontent.com/1668218/32555206-6d6f1082-c49c-11e7-80cf-4779131a0e93.png)

Not really sure if we shouldn't hide both `Create | Cancel` butwould rather keep the `Cancel` btn for the navigation.

@spadgett PTAL
Comment 2 Jakub Hadvig 2018-01-09 20:05:24 UTC 
Fix PR: https://github.com/openshift/origin-web-console/pull/2481
Comment 4 Yadan Pei 2018-01-17 01:54:27 UTC 
When user have no permission to process template, a full error page will show when he tries to create app from URL
Error
Access denied
You do not have authority to process templates in project <project-name>.


Move to VERIFIED
Comment 7 errata-xmlrpc 2018-03-28 14:11:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489