2140539 – Disable all active elements on VM and Template pages if user have view only permission

Bug 2140539 - Disable all active elements on VM and Template pages if user have view only permission

Summary: Disable all active elements on VM and Template pages if user have view only p...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	User Experience
Sub Component:
Version:	4.12.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.12.1
Assignee:	Ugo Palatucci
QA Contact:	Guohua Ouyang
Docs Contact:
URL:
Whiteboard:
Depends On:	2143216
Blocks:
TreeView+	depends on / blocked

Reported:	2022-11-07 05:46 UTC by Guohua Ouyang
Modified:	2023-02-10 04:21 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2143216 (view as bug list)
Environment:
Last Closed:	2023-02-10 04:21:50 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	kubevirt-ui kubevirt-plugin pull 957	0	None	Merged	Bug 2140539: Disable template editing if only view permissions	2022-11-22 20:19:09 UTC
Red Hat Issue Tracker	CNV-22303	0	None	None	None	2022-11-07 06:07:01 UTC

Description Guohua Ouyang 2022-11-07 05:46:03 UTC

Description of problem:
Disable all active elements on VM/Template pages if user have view only permission:
- disable VNC connecting/play button in overview tab
- disable the VNC connecting button in standalone view (by click "Open web console")
- disable "Take snapshot" in overview tab
- disable all edit button in details tab
- "environment" tab cannot be loaded, need to figure out what to show there. maybe just keep the top line "Include all values from existing config maps, secrets or service accounts (as disk)" and remove others
- Console tab, need to hide the login credentials and disable the VNC connecting
- disable "Add network interface" button 
- disable "Add disk" button
- disable "Take snapshot" button in snapshot tab
- disable all actions (start/stop/restart/delete ...) in kebab action and action menu.
- apply above rules to templates as well


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Guohua Ouyang 2022-11-07 06:01:44 UTC

Steps to Reproduce:
1. create a running vm in a project and a template by kubeadmin
2. create a non-admin user and assign view only permission to the project
$ oc adm policy add-role-to-user view test -n default
3. login with non-admin user "test"
4. view VM/template in view only project "default" in web console

Comment 2 Dan Kenigsberg 2022-11-07 06:32:43 UTC

design note: we should not attempt to re-implement the permission model in GUI. "can the active user do X" questions should be delegated to the back-end.

Comment 3 Ugo Palatucci 2022-11-08 10:44:41 UTC

about the VNC play/connect button there is a separate bug for that: https://bugzilla.redhat.com/show_bug.cgi?id=2140534

Comment 4 Guohua Ouyang 2022-11-23 04:45:59 UTC

The issue is still on v4.12.0-172

Comment 6 Guohua Ouyang 2023-02-07 12:30:33 UTC

The issue is still existing on CNV-v4.12.1-25

Comment 7 Guohua Ouyang 2023-02-10 04:21:50 UTC

Close the bug until there is a request to backport this to 4.12.z

Note You need to log in before you can comment on or make changes to this bug.