Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 44D0410528 for ; Wed, 14 Aug 2013 21:57:48 +0000 (UTC) Received: (qmail 67518 invoked by uid 500); 14 Aug 2013 21:57:48 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 67502 invoked by uid 500); 14 Aug 2013 21:57:48 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 67494 invoked by uid 500); 14 Aug 2013 21:57:48 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 67491 invoked by uid 99); 14 Aug 2013 21:57:48 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Aug 2013 21:57:48 +0000 Date: Wed, 14 Aug 2013 21:57:48 +0000 (UTC) From: "Alena Prokharchyk (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Reopened] (CLOUDSTACK-2989) normal user are allowed to create isolated network offerings with vlan assignments MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-2989?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alena Prokharchyk reopened CLOUDSTACK-2989: ------------------------------------------- Reopening the issue. The fix is not quite correct. Regular user should be able to list the network offering, but he shouldn't be able to use it for the network creation. Not showing network offerings with specifyVlan=true to the regular user, causes lots of issues like: *UI issues * if admin created the network on behalf of the user using offering with specifyVlan=true, regular user is supposed to see the network offering details. Right now he can't do it. The original issue should be fixed in the UI. UI shouldn't list the network offering with specifyVlan=true to the regular user. > normal user are allowed to create isolated network offerings with vlan assignments > ---------------------------------------------------------------------------------- > > Key: CLOUDSTACK-2989 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2989 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Network Controller, UI > Affects Versions: 4.2.0 > Environment: build: > CloudStack-non-OSS-MASTER-472-rhel6.3 > Reporter: shweta agarwal > Assignee: Mice Xia > Priority: Critical > Fix For: 4.2.0 > > > Repro steps: > 1. Create a domain and an account within the domain > 2. Create a network offerings with specify vlan=true for isolated network > 3. Create network with network offering created in step 2 as a domain account created in step 1 > Bug: > Network creation is successful > Expected result: > normal user should not be allowed to create network with specify Vlan=true isolated network > Even Functional spec says: > nly ROOT admin is aware of the Vlans in the system. So only he can create the Isolated network with the vlan defined. UI should handle it and don't display network offerings with "specifyVlan=true" when create a new Isolated network. > Even vial Normal user UI > Create network dialog shows Network offerings with specify vlan=ture and when I try to create a network offerings it passes also > So that means both at UI level and api level this condition is not checked -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira