kiranchavala opened a new issue, #7759:
URL: https://github.com/apache/cloudstack/issues/7759

   **ISSUE TYPE**
   
    * BUG
   
   
   **COMPONENT NAME**
   
   Component: API, UI 
   
   
   **CLOUDSTACK VERSION**
   
   CloudStack 4.18
   
   **SUMMARY**
   
   UI: Customer role (rules) listVirtualMachines is not enforced
   
   **Steps to reproduce the issue** 
   
   1. Create an account with the default role (user)
   
   screenshot 
   
   ![add account (default-user role)](https://github.com/apache/cloudstack/assets/1401014/5b056408-4a50-4232-b816-badcfb048dee)
   
   
   
   2. Create a custom role 
   
   
   screenshot 
   ![custom role](https://github.com/apache/cloudstack/assets/1401014/e8a5ed57-fe8f-4e8f-bd0a-ba384a7eb7ff)
   
   
   3. Log in with the normal user account and deploy a VM
   
   
   4. With admin user credentials, change the account role from user to custom role
   
   (cmk) > update account roleid=e2251d81-7e2b-4f1b-bcd0-e404de8426ce account=kiran domainid=489f928d-26c7-11ee-b6ac-1e00a8000339
   
   
   
   5. With admin user credentials, modify the rules in the custom role (for example, Deny)
   
   screenshot
   ![update rules](https://github.com/apache/cloudstack/assets/1401014/4b57ee71-ce9f-40dc-9db0-af3bbd284b19)
   
   
   For example:
   
   I have updated the listvirtualmachine permission to deny for the custom-role
   
   (cmk) > update rolepermission roleid=e2251d81-7e2b-4f1b-bcd0-e404de8426ce ruleid=1c55b696-0f22-4302-93fe-da44aadcf282 permission=deny
   {
     "success": true
   }
   
   
   5. With normal user credentials, execute list virtual machines
   
   Expected behaviour
   
   (cmk) > list virtualmachines
    Error: (HTTP 432, error code 9999) The API [listVirtualMachines] does not exist or is not available for the account Account [{"accountName":"kiran","id":5,"uuid":"25753675-308f-4c19-b659-51482966201a"}
   
   
   6. Log in to the UI (normal user)
   
   ![normal user1](https://github.com/apache/cloudstack/assets/1401014/4642101f-d720-4721-b632-c4fd9e7e5efb)
   
   ![normal user2](https://github.com/apache/cloudstack/assets/1401014/1078195d-86a2-47af-91cb-f552b00080a0)
   
   
   Able to see the virtual machines 
   
   
   
   **Actual behavior** 
   
   Normal user is able to see the virtual machines, even though the listVirtualMachines API is not working
   
   
   
   
   **Expected behavior** 
   
   Normal user should not be able to see the virtual machines, as the listVirtualMachines API is not working
   

