Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1820431

Summary: console should disable the install button for users who only have view permisson
Product: OpenShift Container Platform Reporter: shahan <hasha>
Component: Management ConsoleAssignee: Steve Goodwin <sgoodwin>
Status: CLOSED DUPLICATE QA Contact: Yadan Pei <yapei>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.5CC: aos-bugs, bpeterse, jokerman, spadgett
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-18 14:19:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description shahan 2020-04-03 04:27:43 UTC 
Description of problem:
console should disable the install button for users who only have view permisson

Version-Release number of selected component (if applicable):
4.5.0-0.nightly-2020-04-02-195956


How reproducible:
Always

Steps to Reproduce:
1. granted the normal user aggregate-olm-view clusterrole to have the view operatorhub page
2. goto operatorhub page, click 3scale operators
3.

Actual results:
The "Installed Namespace"  dropdown always loading on the subscription creation page since the user have no permisson to view all ns

Expected results:

console should disable the install button for users who only have view permisson

Additional info:
Comment 2 Samuel Padgett 2020-06-15 20:05:40 UTC 
(In reply to shahan from comment #0)
> The "Installed Namespace"  dropdown always loading on the subscription
> creation page since the user have no permisson to view all ns

This shouldn't be the case because we use the projects API to populate the dropdown. All users can list projects.

I could see it happening if the *active* project is somehow a project the user can't access. Then the dropdown might keep loading since the selected item isn't in the list. Can you confirm the project selected in the project dropdown just below the masthead is a project the current user has access to?

If so, it's kind of hard to get in this situation. But we should handle it better.


> console should disable the install button for users who only have view
> permisson

This is not so simple because you selected the install mode and target namespace on the next page. There's not a good access review we can make until we know the target namespace.

It might be possible to check the user's access to the *current* namespace, although it could incorrectly disable the button when the user has permission to install in a different namespace or the `openshift-operators` namespace for global operators.
Comment 3 Samuel Padgett 2020-06-18 14:19:03 UTC 
The underlying problems with the dropdown loading is the same as bug 1845817.

*** This bug has been marked as a duplicate of bug 1845817 ***