Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #24827: When we have a user without administrator role, the menu "Utilities" exist but leads to a 404 #5665

Open
wants to merge 2 commits into
base: branches/rudder/8.0
Choose a base branch
from
Open

Fixes #24827: When we have a user without administrator role, the menu "Utilities" exist but leads to a 404 #5665

wants to merge 2 commits into from

Conversation

ElaadF
Copy link
Member

@ElaadF ElaadF commented May 16, 2024
edited

https://issues.rudder.io/issues/24827
toto with technique_all right
image

@ElaadF ElaadF requested a review from VinceMacBuche May 16, 2024 13:47
fanf
fanf reviewed May 16, 2024
View reviewed changes
webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/Boot.scala Outdated
) /
"secure" / "utilities" / "index"
>> LocGroup("utilitiesGroup")
>> TestAccess(() => userIsAllowed("/secure/index", AuthorizationType.Administration.Read))).submenus(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

doesn't that will lock-out validator/etc who are not admin_read from accessing the change request validation screen ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should only be the removal of Technique Read rights, i think it was there when techique editor was below Utilities, a looooong time ago

@ElaadF ElaadF force-pushed the bug_24827/when_we_have_a_user_without_administrator_role_the_menu_utilities_exist_but_leads_to_a_404 branch from 88cc043 to 296be8f Compare May 23, 2024 08:22
@ElaadF
fixup! Work in progress
a960f63 
Fixes #24827: When we have a user without administrator role, the menu \"Utilities\" exist but leads to a 404
@ElaadF ElaadF force-pushed the bug_24827/when_we_have_a_user_without_administrator_role_the_menu_utilities_exist_but_leads_to_a_404 branch from 296be8f to a960f63 Compare May 23, 2024 08:27
@ElaadF
Copy link
Member Author

ElaadF commented May 23, 2024

PR updated with a new commit

@ElaadF
fixup! fixup! Work in progress
95259d1 
Fixes #24827: When we have a user without administrator role, the menu \"Utilities\" exist but leads to a 404
@ElaadF
Copy link
Member Author

ElaadF commented May 23, 2024

PR updated with a new commit

VinceMacBuche
VinceMacBuche reviewed Jun 7, 2024
View reviewed changes
webapp/sources/rudder/rudder-web/src/main/scala/bootstrap/liftweb/Boot.scala
>> TestAccess(() => {
userIsAllowed(
"/secure/index",
AuthorizationType.Administration.Read,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You still need to have workflow enabled checked. the menu should not appaear if workflow enabled is false and we don't have administrator Read. You'll still have the 404 in this case

This pr should only be removal of Technique.Read right

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fanf fanf fanf left review comments

@VinceMacBuche VinceMacBuche VinceMacBuche left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@ElaadF @fanf @VinceMacBuche