Public bug reported:
When a user doesn't match the policy rules of a panel then the panel tab
is removed from the menu of the left, but panel views are still
accessible using directly the url (ex /admin/flavors/).
In most of the case, views won't work correctly because of the lack of
right in the backend, but it may cause trouble when you play with
policies.
I think it could be more elegant to return directly a "You are not
authorized to access this page" from the frontend when user try to
access a view of a panel (via url) without matching the policy rules.
** Affects: horizon
Importance: Undecided
Assignee: David Gutman (david.gutman)
Status: In Progress
** Changed in: horizon
Assignee: (unassigned) => David Gutman (david.gutman)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1741051
Title:
Views accessible via url even if user doesn't match policy rules
Status in OpenStack Dashboard (Horizon):
In Progress
Bug description:
When a user doesn't match the policy rules of a panel then the panel
tab is removed from the menu of the left, but panel views are still
accessible using directly the url (ex /admin/flavors/).
In most of the case, views won't work correctly because of the lack of
right in the backend, but it may cause trouble when you play with
policies.
I think it could be more elegant to return directly a "You are not
authorized to access this page" from the frontend when user try to
access a view of a panel (via url) without matching the policy rules.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1741051/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
