Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1601319

Summary: [converged] Should disable Create button when user has no permission to create resource
Product: OpenShift Container Platform Reporter: Yadan Pei <yapei>
Component: Management ConsoleAssignee: Samuel Padgett <spadgett>
Status: CLOSED NOTABUG QA Contact: Yadan Pei <yapei>
Severity: medium Docs Contact:
Priority: low    
Version: 3.11.0CC: aos-bugs, jokerman, mmccomas, yapei
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-16 16:07:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
RolesPage
none
RoleBindingsPage none

Description Yadan Pei 2018-07-16 05:29:12 UTC 
Description of problem:
Normal user has no permission to create Roles & RoleBindings in default project, but Create button is still enabled, we should disable it if we don't have creation permission.

Version-Release number of selected component (if applicable):
OpenShift v3.10.18
docker.io/openshift/origin-console                                          latest              fb4295d1e2f7        2 days ago          259 MB


How reproducible:
Always

Steps to Reproduce:
1.Normal user login admin console without any projects
2.Go to Roles & RoleBindings page
3.Click Create and try to create Roles & RoleBindings


Actual results:
1. When user has no projects, a 'default' project will be pre-set when navigation to resource pages
2. normal user has no permission to create Roles & RoleBinding in 'default' project, but the Create button is still enabled. 
3. When create Roles & RoleBindings, we got error message:
roles.rbac.authorization.k8s.io is forbidden: User "<normaluser>" cannot list roles.rbac.authorization.k8s.io in the namespace "default": User "<normaluser>" cannot list roles.rbac.authorization.k8s.io in project "default"

Expected results:
2. Since we have no permission to create them, we'd better disable it

Additional info:
Comment 1 Yadan Pei 2018-07-16 05:30:25 UTC 
Created attachment 1459051 [details]
RolesPage
Comment 2 Yadan Pei 2018-07-16 05:31:08 UTC 
Created attachment 1459052 [details]
RoleBindingsPage
Comment 3 Samuel Padgett 2018-07-16 16:07:27 UTC 
We are still working on RBAC support in the console. It's being tracked as part of story CONSOLE-499. Since we haven't implemented this in converged console yet and the effort is large (out of scope for 3.11), marking this "not a bug."
Comment 4 Yadan Pei 2018-07-17 02:04:06 UTC 
Ok, good to know it. Thanks