Bug 767563 - Able to launch instance from catalog_entry even after revoking access of "global Deployable User "
Status: CLOSED CURRENTRELEASE
Alias: None
Product: CloudForms Cloud Engine
Classification: Retired
Component: aeolus-conductor
Version: 1.0.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Scott Seago
QA Contact: wes hayutin
Reported: 2011-12-14 11:17 UTC by Shveta
Modified: 2012-08-30 17:18 UTC

Doc Type: Bug Fix

Attachments
dep_check_added (189.81 KB, image/png)
2012-01-27 07:41 UTC, Shveta

Description Shveta 2011-12-14 11:17:54 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Created a user (Shveta)
2. Logged in as shveta
3. Launched instance from new deployment
4. Revoked access for "Global deployable user" from admin for shveta
5. Not able to launch instance from "new deployment" as Shveta, which is correct
6. But able to launch instance from catalog_entry (bug)
  
Actual results:


Expected results:


Additional info:

rpm -qa|grep aeolus
rubygem-aeolus-image-0.2.0-1.el6.noarch
aeolus-conductor-0.7.0-4.el6.noarch
aeolus-conductor-doc-0.7.0-4.el6.noarch
aeolus-configure-2.4.0-3.el6.noarch
rubygem-aeolus-cli-0.2.0-3.el6.noarch
aeolus-all-0.7.0-4.el6.noarch
aeolus-conductor-daemons-0.7.0-4.el6.noarch

Comment 1 wes hayutin 2012-01-10 17:11:17 UTC
adding to ce-sprint-next

Comment 2 wes hayutin 2012-01-10 17:14:35 UTC
adding to ce-sprint-next

Comment 3 wes hayutin 2012-01-12 16:36:08 UTC
adding to ce-sprint

Comment 4 wes hayutin 2012-01-12 16:42:20 UTC
removing ce-sprint-next tracker

Comment 5 wes hayutin 2012-01-12 16:44:20 UTC
taking off ce-sprint-next..

Comment 6 Scott Seago 2012-01-14 04:02:55 UTC
So I'm not quite seeing the same thing here.

First of all, I am seeing the correct thing on the pools "New Deployment" side -- the way you set this up, you removed global permission to access deployables, but the user still has permission to launch instances in the pool. What this means is that the user still has launch rights, but without global deployable access, the user will only see deployables with explicit permission granted. In this case, there are none, so the launch form is there, but there aren't any deployables to choose from.

On the 'launch' button from the deployables view, since we've revoked access to get to the deployable page (containing the launch button), that page is correctly preventing this user from accessing the deployable:

  Errors
    You have insufficient privileges to perform the selected action. 

So the one remaining error I see is that the catalog show page that shows the list of deployables (/conductor/catalogs/1) is not properly filtering the deployable list. I can see all of my deployables even though I shouldn't have permission to view them at all.

So, at a minimum, I'll fix the filtering permission as part of this bug. As for the rest, I'm not sure if it was recently fixed or I'm misunderstanding the bug report.

Let me know if there's another aspect of the bug I'm missing.
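
The distinction drawn in comment 6, between the per-object check on the deployable page and the missing filter on the catalog list, shown as an added example. It is not part of the bug thread or of aeolus-conductor's code: the `Permissions` class, the method names and the sample data are hypothetical, and it adds one explicit grant so the filtered list is non-empty.

```ruby
require 'set'

Deployable = Struct.new(:id, :name)

# Hypothetical permission store: global grants plus per-object grants.
class Permissions
  def initialize
    @global = Set.new    # [user, privilege] pairs valid for every object
    @explicit = Set.new  # [user, privilege, deployable id] triples
  end

  def grant_global(user, priv)
    @global << [user, priv]
  end

  def revoke_global(user, priv)
    @global.delete([user, priv])
  end

  def grant(user, priv, dep)
    @explicit << [user, priv, dep.id]
  end

  def allowed?(user, priv, dep)
    @global.include?([user, priv]) || @explicit.include?([user, priv, dep.id])
  end
end

# Catalog page as described in the bug: lists every deployable, no filtering.
def catalog_unfiltered(_perms, _user, deployables)
  deployables.map(&:name)
end

# Catalog page with the list filtered by the same check the detail page uses.
def catalog_filtered(perms, user, deployables)
  deployables.select { |d| perms.allowed?(user, :view, d) }.map(&:name)
end

# Detail page (where the launch button lives): per-object check.
def show_deployable(perms, user, dep)
  raise SecurityError, 'insufficient privileges' unless perms.allowed?(user, :view, dep)
  dep.name
end

# Constructed sample data: global role granted, then revoked by the admin.
DEPLOYABLES = [Deployable.new(1, 'web'), Deployable.new(2, 'db')].freeze
PERMS = Permissions.new
PERMS.grant_global('shveta', :view)
PERMS.revoke_global('shveta', :view)
PERMS.grant('shveta', :view, DEPLOYABLES[1]) # one explicit grant remains
```

The unfiltered list still names both deployables after the revoke, while the filtered list and the detail page agree on what the user may see.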

Comment 7 Scott Seago 2012-01-18 20:42:50 UTC
Patch on list here: https://fedorahosted.org/pipermail/aeolus-devel/2012-January/008140.html

Commit hash: f7557c8d264afc20702862cfcab46ef7153b250f

Comment 8 Steve Linabery 2012-01-24 20:25:30 UTC
6175ea66a1c1bbac2369de65a9e7b164745f8bf7 in aeolus-conductor-0.8.0-10

Comment 9 Shveta 2012-01-27 07:41:20 UTC
Created attachment 557815
dep_check_added

Comment 10 Shveta 2012-01-27 07:42:19 UTC
Verified in 

rpm -qa|grep aeolus
aeolus-conductor-0.8.0-11.el6.noarch
aeolus-conductor-doc-0.8.0-11.el6.noarch
rubygem-aeolus-image-0.3.0-3.el6.noarch
rubygem-aeolus-cli-0.3.0-5.el6.noarch
aeolus-all-0.8.0-11.el6.noarch
aeolus-configure-2.5.0-7.el6.noarch
aeolus-conductor-daemons-0.8.0-11.el6.noarch

