Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. As a non admin user click on Environments-- > New Image 2. Upload template continue , save template 3. At the end message is displayed : "You have insufficient privileges to perform the selected action. " Instead this message should be displayed at the click of "New Image" only i.e at the beginning Actual results: Expected results: Additional info: rpm -qa|grep aeolus aeolus-conductor-daemons-0.8.0-7.el6.noarch rubygem-aeolus-image-0.3.0-2.el6.noarch aeolus-configure-2.5.0-4.el6.noarch rubygem-aeolus-cli-0.3.0-3.el6.noarch aeolus-conductor-0.8.0-7.el6.noarch aeolus-all-0.8.0-7.el6.noarch aeolus-conductor-doc-0.8.0-7.el6.noarch
Per-image permissions are not in scope for 1.0. However, we need to have an "Image Creators" sort of role to enable rough controls over who can/cannot create/delete images.
"You have insufficient privileges to perform the selected action. " is displayd after an image is created and user is redirected to deployable create page (privilege message is raised by deployables controller because deployables are permissioned object). The thing is that we don't have any image permissions now (images are warehouse objects), Matt is going to add 'global pool family USE permissions' for 'image administrator' role. Then we can add privilege check to all images actions. second part: <sseago> we should hide the 'make deployable now' option if the user doesn't have permission to make a deployable
I made disappointingly little progress today, so I didn't get to this as I had hoped. I did, however, send out a patch for its sister bug, #782420 -- see http://lists.fedorahosted.org/pipermail/aeolus-devel/2012-January/008212.html Hopefully it'll be easier to build on top of this to check for the privilege.
UI has changed and now it's not possible to create new deployable when creating new image -> this bug can't occur anymore so I would suggest to close this BZ.
per comment 4, closing this out