Public bug reported: When a user doesn't match the policy rules of a panel then the panel tab is removed from the menu of the left, but panel views are still accessible using directly the url (ex /admin/flavors/).
In most of the case, views won't work correctly because of the lack of right in the backend, but it may cause trouble when you play with policies. I think it could be more elegant to return directly a "You are not authorized to access this page" from the frontend when user try to access a view of a panel (via url) without matching the policy rules. ** Affects: horizon Importance: Undecided Assignee: David Gutman (david.gutman) Status: In Progress ** Changed in: horizon Assignee: (unassigned) => David Gutman (david.gutman) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1741051 Title: Views accessible via url even if user doesn't match policy rules Status in OpenStack Dashboard (Horizon): In Progress Bug description: When a user doesn't match the policy rules of a panel then the panel tab is removed from the menu of the left, but panel views are still accessible using directly the url (ex /admin/flavors/). In most of the case, views won't work correctly because of the lack of right in the backend, but it may cause trouble when you play with policies. I think it could be more elegant to return directly a "You are not authorized to access this page" from the frontend when user try to access a view of a panel (via url) without matching the policy rules. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1741051/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp