unable to add user to project using UI

[rajujith]

ISSUE TYPE

• Bug Report

COMPONENT NAME

UI

CLOUDSTACK VERSION

4.19.1.1

CONFIGURATION

Project

SUMMARY

As a normal user, I can add a project and add a user to a project from another account in the same domain, I can't do the same with UI. UI checks the username with listusers which is not allowed for normal users for listing users in other accounts.

STEPS TO REPRODUCE

1. Create a project as a normal user
2. add a user to the project filling the form with the exact username of another user.

EXPECTED RESULTS

UI should allow adding users to project since its allowed via API. 

ACTUAL RESULTS

UI doesn't allow adding user to project for normal users. 

[DaanHoogland]

@rajujith , I am not sure if allowing users to list users from another account would be a security issue. Maybe you can play with roles to see if it is possible?

[weizhouapache]

@rajujith , I am not sure if allowing users to list users from another account would be a security issue. Maybe you can play with roles to see if it is possible?

An option could be

• if the caller (also project admin) is a root admin or domain admin, display the a dropdown with available accounts.
• if the caller is a regular user, display a text input so that user can input the account name to be added.