782784 – Action on "New Image" as non admin user shall display "Insufficient privilege" message instead of displaying it at the last

Bug 782784 - Action on "New Image" as non admin user shall display "Insufficient privilege" message instead of displaying it at the last

Summary: Action on "New Image" as non admin user shall display "Insufficient privilege...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	CloudForms Cloud Engine
Classification:	Retired
Component:	aeolus-conductor
Sub Component:
Version:	1.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Assignee:	Jan Provaznik
QA Contact:	wes hayutin
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-18 13:01 UTC by Shveta
Modified:	2012-03-22 14:39 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-03-22 14:39:12 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Shveta 2012-01-18 13:01:56 UTC

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce: 
1. As a non admin user click on Environments-- > New Image 
2. Upload template continue , save template 
3. At the end message is displayed : "You have insufficient privileges to perform the selected action. " 

Instead this message should be displayed at the click of "New Image" only i.e at the beginning
  
Actual results:


Expected results:


Additional info:

rpm -qa|grep aeolus
aeolus-conductor-daemons-0.8.0-7.el6.noarch
rubygem-aeolus-image-0.3.0-2.el6.noarch
aeolus-configure-2.5.0-4.el6.noarch
rubygem-aeolus-cli-0.3.0-3.el6.noarch
aeolus-conductor-0.8.0-7.el6.noarch
aeolus-all-0.8.0-7.el6.noarch
aeolus-conductor-doc-0.8.0-7.el6.noarch

Comment 1 Matt Wagner 2012-01-19 16:49:40 UTC

Per-image permissions are not in scope for 1.0. However, we need to have an "Image Creators" sort of role to enable rough controls over who can/cannot create/delete images.

Comment 2 Jan Provaznik 2012-01-19 16:51:30 UTC

"You have insufficient privileges to perform the selected action. " is displayd after an image is created and user is redirected to deployable create page (privilege message is raised by deployables controller because deployables are permissioned object).

The thing is that we don't have any image permissions now (images are warehouse objects), Matt is going to add 'global pool family USE permissions' for 'image administrator' role. Then we can add privilege check to all images actions.

second part:
<sseago> we should hide the 'make deployable now' option if the user doesn't have permission to make a deployable

Comment 3 Matt Wagner 2012-01-19 22:29:51 UTC

I made disappointingly little progress today, so I didn't get to this as I had hoped. I did, however, send out a patch for its sister bug, #782420 -- see http://lists.fedorahosted.org/pipermail/aeolus-devel/2012-January/008212.html

Hopefully it'll be easier to build on top of this to check for the privilege.

Comment 4 Jan Provaznik 2012-03-15 08:35:40 UTC

UI has changed and now it's not possible to create new deployable when creating new image -> this bug can't occur anymore so I would suggest to close this BZ.

Comment 5 Dave Johnson 2012-03-22 14:39:12 UTC

per comment 4, closing this out

Note You need to log in before you can comment on or make changes to this bug.