apache / cloudstack

Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

Dashboard items are shown even when permission set to Deny #9233

Closed scottsignal closed 3 months ago

scottsignal commented 3 months ago
ISSUE TYPE
COMPONENT NAME
UI
CLOUDSTACK VERSION
4.19.0.1
CONFIGURATION

N/A

OS / ENVIRONMENT

Ubuntu 22.04 Single-node Management Server MySQL 5.7

SUMMARY

Permissions don't seem to be applied to the Dashboard Resources totals. I was unsure whether to file this as a bug or an enhancement request. If you set Deny for, for example, listVPCs, the dashboard still attempts to pull the item counts for Resources on the Default dashboard. The same behavior occurs if you create a project and look at the project dashboard.

STEPS TO REPRODUCE

1.) Set Deny to the following permissions for a role with the type of Domain Admin and apply it to a test Account: listKubernetesClusters, listVPCs, listPublicIpAddresses

2.) The Resource counts for these items will still be listed on the Default/Project dashboard.

3.) Looking at the browser's DevTools, you will see:

        Failed to load resource: the server responded with a status of 432 (432)
request.js:37 Object
createError.js:16  Uncaught (in promise) Error: Request failed with status code 432
    at e.exports (createError.js:16:15)
    at e.exports (settle.js:17:12)
    at XMLHttpRequest.s (xhr.js:54:7)
AutogenView.vue:632 DEBUG - Due to route change, ignoring results for any on-going API request listProjects
vuex.esm-browser.js:1057  Uncaught (in promise) r
client/api/?listall=true&page=1&pagesize=1&command=listKubernetesClusters&response=json

        Failed to load resource: the server responded with a status of 432 (432)
request.js:37 Object
createError.js:16  Uncaught (in promise) Error: Request failed with status code 432
    at e.exports (createError.js:16:15)
    at e.exports (settle.js:17:12)
    at XMLHttpRequest.s (xhr.js:54:7)
client/api/?listall=true&page=1&pagesize=1&command=listVPCs&response=json

        Failed to load resource: the server responded with a status of 432 (432)
request.js:37 Object
createError.js:16  Uncaught (in promise) Error: Request failed with status code 432
    at e.exports (createError.js:16:15)
    at e.exports (settle.js:17:12)
    at XMLHttpRequest.s (xhr.js:54:7)
client/api/?listall=true&page=1&pagesize=1&command=listPublicIpAddresses&response=json

EXPECTED RESULTS

The expectation is that these elements would be hidden if the tenant does not have access to them, much like the menu items that disappear when you don't have access to, say, VPCs.

ACTUAL RESULTS

Items are currently shown that the customer does not have access to see.

DaanHoogland commented 3 months ago

fixed in #9237
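
Added example, not part of the issue thread and not the change made in #9237: one way a dashboard could apply the behavior requested under EXPECTED RESULTS, building count requests only for commands the role may call and hiding a tile if the server still answers 432. The tile list, the function names, the `listApis` response shape and the axios-style `err.response.status` are assumptions.

```javascript
// Added example, not CloudStack's code. TILES, allowedApis, planDashboard and
// loadCounts are hypothetical names; the listApis response shape is assumed.
const TILES = [
  { title: 'Kubernetes clusters', api: 'listKubernetesClusters' },
  { title: 'VPCs', api: 'listVPCs' },
  { title: 'Public IP addresses', api: 'listPublicIpAddresses' },
  { title: 'Instances', api: 'listVirtualMachines' }
]

// Collect the command names the logged-in role is allowed to call.
function allowedApis (listApisResponse) {
  const apis = (listApisResponse.listapisresponse || {}).api || []
  return new Set(apis.map(a => a.name))
}

// Keep only tiles whose backing command is permitted, and build the same
// count query that appears in the console output of the report.
function planDashboard (tiles, allowed) {
  return tiles.filter(t => allowed.has(t.api)).map(t => ({
    ...t,
    url: 'client/api/?' + new URLSearchParams({
      listall: 'true', page: '1', pagesize: '1', command: t.api, response: 'json'
    })
  }))
}

// Fetch counts. The server remains the enforcement point: a 432 for a tile
// hides that tile instead of surfacing as an uncaught promise rejection.
async function loadCounts (plan, httpGet) {
  const shown = []
  for (const tile of plan) {
    try {
      const body = await httpGet(tile.url)
      const resp = Object.values(body)[0] || {}
      shown.push({ title: tile.title, count: resp.count || 0 })
    } catch (err) {
      if (!(err.response && err.response.status === 432)) throw err
    }
  }
  return shown
}

// Constructed sample: a role for which the three commands from the report are denied.
const SAMPLE_LIST_APIS = {
  listapisresponse: { count: 2, api: [{ name: 'listVirtualMachines' }, { name: 'listProjects' }] }
}
```

Hiding a tile is cosmetic; the Deny rule is what blocks the call, as the 432 responses in the report show.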