[BUG] cluster member can create namespace, but has no access to view it after creation

[WuJun2016]

Describe the bug

cluster member can create namespace, but has no access to view it after creation，

To Reproduce
Steps to reproduce the behavior:

1. create a user, choose Standard User
2. assign a harvester cluster to the new user and select cluster member
   
3. login with this user and go to the harvester cluster
4. at this point you can only see the resources in the harvester-public namespace, and you cannot edit them (as expected)
5. go to Project/Namespace page, and create a project (cluster-member-project)
6. Create a namespace (cluster-member-namespace) in the cluster-member-project
   
7. at this point the user can create resources under cluster-member-namespace

• Problem 1: The Create button is not displayed in the volume page (backend issue)
• Problem 2: Users should not create resources in the harvester-public namespace, but the image creation page can select harvester-public (UI issue)
  

8. go to Project/Namespace page, Create a namespace that does not belong to any Project （such as test-no-namespace）

9. refresh page, This user does not have permission to view test-no-namespace （backend issue）
   

Expected behavior

Support bundle

Environment:

• Harvester ISO version:
• Underlying Infrastructure (e.g. Baremetal with Dell PowerEdge R630):

Additional context
Add any other context about the problem here.

[futuretea]

• Problem 1: The Create button is not displayed in the volume page (backend issue)

unable to reproduce, user can see the Create button in the volume page

---

refresh page, This user does not have permission to view test-no-namespace （backend issue）

even if it's not a Harvester cluster, it has the same behavior, so I'm not sure if this is the behavior that Rancher itself expects

Since Rancher permissions are configured according to project, a namespace that is not associated with a project should be invisible to the standard user.

harvester-public is visible because Harvester does something special.

cc @guangbochen

[harvesterhci-io-github-bot]

Pre Ready-For-Testing Checklist

* [ ] If labeled: require/HEP Has the Harvester Enhancement Proposal PR submitted?
The HEP PR is at:

* [ ] Where is the reproduce steps/test steps documented?
The reproduce steps/test steps are at:

* [ ] Is there a workaround for the issue? If so, where is it documented?
The workaround is at:

* [ ] Have the backend code been merged (harvester, harvester-installer, etc) (including backport-needed/*)?
The PR is at:

* [ ] Does the PR include the explanation for the fix or the feature?

* [ ] Does the PR include deployment change (YAML/Chart)? If so, where are the PRs for both YAML file and Chart?
The PR for the YAML change is at:
The PR for the chart change is at:

* [ ] If labeled: area/ui Has the UI issue filed or ready to be merged?
The UI issue/PR is at:

* [ ] If labeled: require/doc, require/knowledge-base Has the necessary document PR submitted or merged?
The documentation/KB PR is at:

* [ ] If NOT labeled: not-require/test-plan Has the e2e test plan been merged? Have QAs agreed on the automation test case? If only test case skeleton w/o implementation, have you created an implementation issue?
- The automation skeleton PR is at:
- The automation test case PR is at:

* [ ] If the fix introduces the code for backward compatibility Has a separate issue been filed with the label release/obsolete-compatibility?
The compatibility issue is filed at:

[TachunLin]

Try to reproduce the issues on master-8f01b558-head (7/14).

For the three problems highlighted in this issue.

• Problem 1: The Create button is not displayed on the image and volume page while already having project namespace assigned to the cluster member use
• Problem 2: Users should not create resources in the harvester-public namespace, but the image creation page can select harvester-public -> This would be the current design
• Problem 3: Create a namespace that does not belong to any Project and refresh page, this user does not have permission to view test-no-namespace -> This would be the expected behavior

Problem 1 can't be reproduced, when a cluster member privilege user have assigned the project and namespace
This user can see create button on the volume and image page

Since the only problem here can't be reproduced, thus close this issue.