search

infinispan / infinispan-console

Infinispan Server Web Console
https://infinispan.org/
Apache License 2.0
27 stars 31 forks source link

The cache create page for `deployer` user takes to "Unauthorized access" page #542

Open andyuk1986 opened 3 weeks ago

andyuk1986 commented 3 weeks ago

Describe the bug

From the existing Infinispan authorization logic, the admin and deployer users should be able to create a cache, others see Create cache configuration button, which allows to create the cache config and download it. Seems that there is regression in 15.x (which I have just found by manual testing), so when the deployer clicks on Create a cache button, the "Unauthorized access" page is shown.

Expected behavior

The deployer user should be able to create a cache.

Actual behavior

The deployer user is not able to create a cache. The Unauthorized access page is shown to him.

How to Reproduce?

  1. Create a deployer user with command:
    ./cli.sh user create deployer -p password -g deployer

  2. The start the server and login with deployer user. You can see the button Create a cache.

  3. Click on the button, and you will see the following screen: image

Output of uname -a or ver

Linux fedora 6.10.12-200.fc40.x86_64

Infinispan version or git rev

15.x

andyuk1986 commented 3 weeks ago

I will add a test covering this scenario, as our RBAC tests were testing only that the deployer can see the button, assuming that the button will lead to a proper page.

karesti commented 3 weeks ago

@andyuk1986 please change the screenshot (or remove the header)

andyuk1986 commented 3 weeks ago

@karesti I have updated the screenshot with proper one and updated the header.