yahoo-eng-team team mailing list archive

[David Gutman <1741051@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When a user doesn't match the policy rules of a panel then the panel tab
is removed from the menu of the left, but panel views are still
accessible using directly the url (ex /admin/flavors/).

In most of the case, views won't work correctly because of the lack of
right in the backend, but it may cause trouble when you play with
policies.

I think it could be more elegant to return directly a "You are not
authorized to access this page" from the frontend when user try to
access a view of a panel (via url) without matching the policy rules.

** Affects: horizon
     Importance: Undecided
     Assignee: David Gutman (david.gutman)
         Status: In Progress

** Changed in: horizon
     Assignee: (unassigned) => David Gutman (david.gutman)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1741051

Title:
  Views accessible via url even if user doesn't match policy rules

Status in OpenStack Dashboard (Horizon):
  In Progress

Bug description:
  When a user doesn't match the policy rules of a panel then the panel
  tab is removed from the menu of the left, but panel views are still
  accessible using directly the url (ex /admin/flavors/).

  In most of the case, views won't work correctly because of the lack of
  right in the backend, but it may cause trouble when you play with
  policies.

  I think it could be more elegant to return directly a "You are not
  authorized to access this page" from the frontend when user try to
  access a view of a panel (via url) without matching the policy rules.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1741051/+subscriptions