2139651 – non-priv user can click create when have no permissions

Bug 2139651 - non-priv user can click create when have no permissions

Summary: non-priv user can click create when have no permissions

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	User Experience
Sub Component:
Version:	4.12.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Aviv Turgeman
QA Contact:	Guohua Ouyang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-11-03 07:58 UTC by Aviv Turgeman
Modified:	2023-01-24 13:42 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-01-24 13:41:50 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
templates view (112.90 KB, image/png) 2022-11-03 07:58 UTC, Aviv Turgeman	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubevirt-ui kubevirt-plugin pull 946	None	open	Bug 2139651: non-priv user can click create when have no permissions	2022-11-03 09:24:38 UTC
Red Hat Issue Tracker	CNV-22210	None	None	None	2022-11-03 08:10:52 UTC
Red Hat Product Errata	RHSA-2023:0408	None	None	None	2023-01-24 13:42:00 UTC

Description Aviv Turgeman 2022-11-03 07:58:56 UTC

Created attachment 1921905 [details]
templates view

Description of problem:
a non-priv user can click create in Templates and VirtualMachines view while he gets an error to list these resources, and the create operation will fail

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. navigate to Virtualiztion -> VirtualMachines / Templates
2. create dropdown / button exists -> if will proceed evantually at creation it will fail


Actual results:
Create dropdown / button appear in the UI

Expected results:
Create dropdown / button should be hidden in case of no permissions

Additional info:

Comment 2 Guohua Ouyang 2022-11-07 10:14:55 UTC

verified on v4.12.0-1652

Comment 7 errata-xmlrpc 2023-01-24 13:41:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0408

Note You need to log in before you can comment on or make changes to this bug.