Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Decorators and non-admin users #2730

Closed
edmundoa opened this issue Aug 23, 2016 · 0 comments
Closed

Decorators and non-admin users #2730

edmundoa opened this issue Aug 23, 2016 · 0 comments
Assignees
Labels
Milestone

Comments

@edmundoa
Copy link
Member

@edmundoa edmundoa commented Aug 23, 2016

We need to check the user permissions when displaying the decorators controls in the UI.

Expected Behavior

Non-admin users can only see controls in the UI to apply, edit, or delete decorators when they have the right permissions for it.

Current Behavior

Controls to apply, edit, and delete decorators are visible for all users. This is only a display problem, as the backend actions check the user permissions before making any changes in the system.

Possible Solution

Check user permissions in the frontend, to only display the controls for the actions a user can perform.

Steps to Reproduce (for bugs)

  1. Create a non-admin user and give them (read or write) access to a stream
  2. Log-in with that user and go to the stream
  3. Open the decorators tab and try to apply, edit or delete a decorator
  4. You will see a 403 in the console, but no further indication of what happened

Your Environment

  • Graylog Version: 2.1.0-beta.5-SNAPSHOT (606e329)
@edmundoa edmundoa added bug web labels Aug 23, 2016
@dennisoelkers dennisoelkers self-assigned this Aug 24, 2016
@dennisoelkers dennisoelkers added this to the 2.1.0 milestone Aug 24, 2016
dennisoelkers added a commit that referenced this issue Aug 24, 2016
This change does the following when a user lacks the
'decorators:edit:${streamId}' permission:

  * disables items in action menu, when user lacks
  * disables controls to create decorator
  * disables ability to reorder decorators by drag & drop

Fixes #2730.
dennisoelkers added a commit that referenced this issue Aug 25, 2016
This change does the following when a user lacks the
'decorators:edit:${streamId}' permission:

  * disables items in action menu, when user lacks
  * disables controls to create decorator
  * disables ability to reorder decorators by drag & drop

Fixes #2730.
edmundoa added a commit that referenced this issue Aug 25, 2016
)

* Disable editing controls for decorator if user lacks permissions.

This change does the following when a user lacks the
'decorators:edit:${streamId}' permission:

  * disables items in action menu, when user lacks
  * disables controls to create decorator
  * disables ability to reorder decorators by drag & drop

Fixes #2730.

* Fixing method order, correcting stream prop type.

* Fixing wiring of callback.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants
You can’t perform that action at this time.