Reviewed:  https://review.openstack.org/530928
Committed: 
https://git.openstack.org/cgit/openstack/horizon/commit/?id=3f585d3b1efca1b2379d6c0a80246fd6e5a87640
Submitter: Zuul
Branch:    master

commit 3f585d3b1efca1b2379d6c0a80246fd6e5a87640
Author: David Gutman <david.gut...@thalesgroup.com>
Date:   Wed Jan 3 14:25:46 2018 +0100

    Views accessible via url even if user doesn't match policy rules
    
    When a user doesn't match the policy rules of a panel then the panel tab
    is removed from the menu of the left, but panel views are still
    accessible using directly the url (ex /admin/flavors/).
    
    In most of the case, views won't work correctly because of the lack of
    right in the backend, but it may cause trouble when you play with
    policies.
    
    I think it could be more elegant to return directly a "You are not
    authorized to access this page" from the frontend when user try to
    access a view of a panel (via url) without matching the policy rules.
    
    Change-Id: I7bc93fed29568adfc14d5bcadfc8728d3b5cf633
    Closes-Bug: #1741051


** Changed in: horizon
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1741051

Title:
  Views accessible via url even if user doesn't match policy rules

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  When a user doesn't match the policy rules of a panel then the panel
  tab is removed from the menu of the left, but panel views are still
  accessible using directly the url (ex /admin/flavors/).

  In most of the case, views won't work correctly because of the lack of
  right in the backend, but it may cause trouble when you play with
  policies.

  I think it could be more elegant to return directly a "You are not
  authorized to access this page" from the frontend when user try to
  access a view of a panel (via url) without matching the policy rules.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1741051/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to