Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Create a user shveta , granted role of Image Administrator 2. Imported image 3. Revoked the role of "Image Admin" , user is not able to import now , but is able to delete the previously imported image. User is also able to build and push image. User should not be able to perform any action on image. Actual results: Expected results: Additional info: rpm -qa|grep aeolus aeolus-conductor-doc-0.8.0-27.el6.noarch aeolus-conductor-daemons-0.8.0-27.el6.noarch aeolus-configure-2.5.0-13.el6.noarch rubygem-aeolus-cli-0.3.0-8.el6.noarch aeolus-all-0.8.0-27.el6.noarch aeolus-conductor-0.8.0-27.el6.noarch rubygem-aeolus-image-0.3.0-7.el6.noarch
"push all " button is hidden after revoking the role of "Image Admin" but user can build and push to individual providers, then whats the point in hiding "push all" button. No action on images should be allowed
Ahh, yes this looks like a fairly straightforward bug -- the 'delete' action isn't being filtered on permissions.
Patch on-list: https://fedorahosted.org/pipermail/aeolus-devel/2012-March/009484.html
Pushed to master: 570f0138508af369f41e2950b3aa632d0ea606dd
User is not able to import new images,delete images,push,build images after revoking the image admin permissions. Marking this bug as verified based on the above observation.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2012-0583.html