From: Afreen Misbah Date: Tue, 12 May 2026 12:07:39 +0000 (+0530) Subject: mgr/dashboard: Fix edit and delete access for pool-manager role X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ac7fd7d51508b9b439ffb9131ea901731b7177dc;p=ceph.git mgr/dashboard: Fix edit and delete access for pool-manager role Fixes https://tracker.ceph.com/issues/76561 - allows deleting pools in pool-manager role by bypassing config-opt read permissions - allows editing in pool-manager role which failing deu to misisng rbd mirroring permissions - fixes a bug with pool edit mode where when both compression and name are edited it fails due to an if-else logic bug Signed-off-by: Afreen Misbah --- diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-form/pool-form.component.html b/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-form/pool-form.component.html index 10e17674ec43..dfcd7523a08c 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-form/pool-form.component.html +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-form/pool-form.component.html @@ -364,7 +364,7 @@ - @if (data.applications.selected.includes('rbd')) { + @if ((permissions?.rbdMirroring?.create || (editing && permissions?.rbdMirroring?.update)) && data.applications.selected.includes('rbd')) {
{ - this.form.get('rbdMirroring').setValue(resp.mirror_mode === 'pool'); - }); + if (this.permissions?.rbdMirroring?.read) { + this.rbdMirroringService + .getPool(pool.pool_name) + .subscribe((resp: PoolEditModeResponseModel) => { + this.form.get('rbdMirroring').setValue(resp.mirror_mode === 'pool'); + }); + } } private setAvailableApps(apps: string[] = this.data.applications.default) { @@ -945,7 +947,16 @@ export class PoolFormComponent extends CdForm implements OnInit { formControlName: 'ecOverwrites', replaceFn: () => (this.isErasure ? ['ec_overwrites'] : undefined) }); - + if (this.editing) { + this.assignFormFields(pool, [ + { + externalFieldName: 'srcpool', + formControlName: 'name', + editable: true, + replaceFn: () => this.data.pool.pool_name + } + ]); + } if (this.form.getValue('mode') !== 'none') { this.assignFormFields(pool, [ { @@ -993,12 +1004,6 @@ export class PoolFormComponent extends CdForm implements OnInit { formControlName: 'mode', editable: true, replaceFn: () => 'unset' // Is used if no compression is set - }, - { - externalFieldName: 'srcpool', - formControlName: 'name', - editable: true, - replaceFn: () => this.data.pool.pool_name } ]); } diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-list/pool-list.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-list/pool-list.component.ts index 655709b5ce67..060d8644dd1f 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-list/pool-list.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/pool/pool-list/pool-list.component.ts @@ -113,6 +113,14 @@ export class PoolListComponent extends ListWithDetails implements OnInit { this.monAllowPoolDelete = monSection.value === 'true' ? true : false; } }); + } else if (this.permissions.pool.read) { + /* + `monAllowPoolDelete` will always be `false`, + because no read permissions for reading config settings. + Hence enabling by default for pool based roles which allow CRUD. + @TODO: Fix once permissions of config-opt are sorted. + */ + this.monAllowPoolDelete = true; } }