This repository has been archived by the owner on Mar 31, 2022. It is now read-only.

Create specific permission ui.loginToUi and built-in role ui-minimal #46

Closed
alexbudarov opened this issue Jan 18, 2021 · 0 comments
alexbudarov commented Jan 18, 2021

Currently, if I create a user that is intended to have only REST API access, this user can still log in to the backoffice UI.

This user can see the main screen and all components on the main screen.
He cannot open any screens from the menu because he doesn't have menu / screen permissions.
But if he has some entity permissions, or if components in the main screen's initialLayout use native SQL / entityManager to load data, then the user will be able to see it, without any ability to restrict him.

So it feels that we need to port the "login to web/backoffice ui" permission from CUBA, and provide a built-in "system-backoffice-minimal" role with this one permission.

Solution

  • Specific permission to login to UI - ui.loginToUi
  • UiMinimalRole
```java
@ResourceRole(name = "UI: minimal access", code = UiMinimalRole.CODE)
public interface UiMinimalRole {

    String CODE = "ui-minimal";

    @ScreenPolicy(screenIds = "main")
    void main();

    @ScreenPolicy(screenIds = "login")
    @SpecificPolicy(resources = "ui.loginToUi")
    void login();

    @ScreenPolicy(screenIds = "backgroundWorkProgressScreen")
    void backgroundWork();

    @ScreenPolicy(screenIds = "ui_LayoutAnalyzerScreen")
    void layoutAnalyzer();

    @ScreenPolicy(screenIds = "inputDialog")
    void inputDialog();

    @ScreenPolicy(screenIds = "notFoundScreen")
    void notFoundScreen();

    @ScreenPolicy(screenIds = "selectValueDialog")
    void selectValueDialog();

    @EntityPolicy(entityClass = KeyValueEntity.class, actions = EntityPolicyAction.READ)
    @EntityAttributePolicy(entityClass = KeyValueEntity.class, attributes = "*", action = EntityAttributePolicyAction.VIEW)
    void keyValueEntity();
}
```

QA

  1. Check that a user cannot log in to the UI without the ui.loginToUi specific permission.
  2. Check that a user with the ui-minimal role can log in to the UI.
@alexbudarov alexbudarov added this to the 0.3.0 milestone Jan 18, 2021
@glebfox glebfox modified the milestones: 0.3.0, 1.0.0 Feb 17, 2021
@glebfox glebfox assigned GlebDurygin and unassigned glebfox Mar 16, 2021
@GlebDurygin GlebDurygin changed the title Create specific permission "login to backoffice UI" and built-in role "system-backoffice-minimal" Create specific permission security.ui.loginToBackofficeUi and built-in role minimal-backoffice-ui Mar 22, 2021
@GlebDurygin GlebDurygin changed the title Create specific permission security.ui.loginToBackofficeUi and built-in role minimal-backoffice-ui Create specific permission ui.loginToUi and built-in role ui-minimal Mar 23, 2021
@natfirst natfirst assigned lovtsovaik and unassigned natfirst Mar 24, 2021
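
The two QA checks above can be modelled as a deny-by-default gate that runs after authentication and before the main screen is built. This is an added example, not code from the issue or from Jmix; the class, the role table, and the role codes `rest-only` and `orders-read` are hypothetical, and only `ui.loginToUi` and `ui-minimal` come from the issue.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Constructed model, not Jmix code: a role is a code plus the specific-policy resources it grants.
public class UiLoginGateDemo {

    static final String LOGIN_TO_UI = "ui.loginToUi"; // permission name from the issue

    // Constructed role table; "rest-only" and "orders-read" are hypothetical role codes.
    static final Map<String, Set<String>> SPECIFIC_POLICIES = Map.of(
            "ui-minimal", Set.of(LOGIN_TO_UI),
            "rest-only", Set.of("example.restAccess"), // hypothetical resource name
            "orders-read", Set.of());                   // entity permissions only, no specific policies

    // True only if at least one of the user's roles grants the resource (deny by default).
    static boolean hasSpecificPermission(List<String> roleCodes, String resource) {
        return roleCodes.stream()
                .map(code -> SPECIFIC_POLICIES.getOrDefault(code, Set.of()))
                .anyMatch(granted -> granted.contains(resource));
    }

    // Runs after credentials are verified and before the main screen is built,
    // so initialLayout components never load data for a user who fails the check.
    static String loginToUi(String username, List<String> roleCodes) {
        if (!hasSpecificPermission(roleCodes, LOGIN_TO_UI)) {
            return username + ": denied, no " + LOGIN_TO_UI;
        }
        return username + ": main screen opened";
    }

    public static void main(String[] args) {
        // QA item 1: entity permissions alone must not let the user into the UI.
        System.out.println(loginToUi("api-client", List.of("rest-only", "orders-read")));
        // QA item 2: ui-minimal is sufficient to log in.
        System.out.println(loginToUi("clerk", List.of("ui-minimal", "orders-read")));
        // Unknown role codes grant nothing.
        System.out.println(loginToUi("ghost", List.of("no-such-role")));
    }
}
```

The placement of the check is the point: gating individual screens is not enough when the main screen itself loads data, so the decision has to be made before any UI component is instantiated.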