New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add non-privileged user role #405

Merged
merged 7 commits into from Feb 27, 2018

Conversation

Projects
3 participants
@strangeman
Collaborator

strangeman commented Jul 26, 2017

Fix for #318 and #198

I added admin property for User. By default, all users after migration will be Admins (for backward compatibility).

Non-Admin Users can:

  • Change his own information (login, email, name, password, alert flag), except Admin flag
  • View all users list

Non-Admin Users can't (will get 401 Unauthorized when trying):

  • Add a new user
  • Edit another user
  • Delete another user

I hide 'add user' button and user editing dialog for Non-Admin User. The first user, created by setup, have admin privileges. Also, I improved User List page, by adding all flags (Admin, Alert, External) to id.

@twhiston

great feature. Please see the very minor change requests

Show outdated Hide outdated api/users.go
@@ -143,7 +143,7 @@ func doSetup() int {
user.Password = readNewline(" > Password: ", stdin)
pwdHash, _ := bcrypt.GenerateFromPassword([]byte(user.Password), 11)
if _, err := db.Mysql.Exec("insert into user set name=?, username=?, email=?, password=?, created=UTC_TIMESTAMP()", user.Name, user.Username, user.Email, pwdHash); err != nil {
if _, err := db.Mysql.Exec("insert into user set name=?, username=?, email=?, password=?, admin=1, created=UTC_TIMESTAMP()", user.Name, user.Username, user.Email, pwdHash); err != nil {

This comment has been minimized.

@twhiston

twhiston Feb 16, 2018

Member

do we have to have admin as default? I would guess most people would prefer admin not to be the default user mode (especially in enterprise usage)

@twhiston

twhiston Feb 16, 2018

Member

do we have to have admin as default? I would guess most people would prefer admin not to be the default user mode (especially in enterprise usage)

This comment has been minimized.

@strangeman

strangeman Feb 16, 2018

Collaborator

I think, the first system user always should be an admin. That code executes only for initial setup of Semaphore.

@strangeman

strangeman Feb 16, 2018

Collaborator

I think, the first system user always should be an admin. That code executes only for initial setup of Semaphore.

Show outdated Hide outdated db/versionHistory.go

@twhiston twhiston added this to In Progress / In Review in 2.5.0 Feb 16, 2018

@twhiston

This comment has been minimized.

Show comment
Hide comment
@twhiston

twhiston Feb 16, 2018

Member

Would it be possible to also take care of #158 in this pull request and add some extra authentication against log deletion for non admin users (if it's totally out of scope no worries)

Member

twhiston commented Feb 16, 2018

Would it be possible to also take care of #158 in this pull request and add some extra authentication against log deletion for non admin users (if it's totally out of scope no worries)

@strangeman

This comment has been minimized.

Show comment
Hide comment
@strangeman

strangeman Feb 16, 2018

Collaborator

@twhiston all done :)

Collaborator

strangeman commented Feb 16, 2018

@twhiston all done :)

Show outdated Hide outdated api/users.go
Show outdated Hide outdated public/html/users/user.pug
Show outdated Hide outdated api/tasks/http.go
@twhiston

This comment has been minimized.

Show comment
Hide comment
@twhiston

twhiston Feb 18, 2018

Member

looks really good. Another couple of small things and fixing a missing import and this is good to go. Thanks very much for your work

Member

twhiston commented Feb 18, 2018

looks really good. Another couple of small things and fixing a missing import and this is good to go. Thanks very much for your work

@twhiston

I feel like a real tyrant to keep asking you for these tiny changes to sentences, but it would be great if we can make it correct and consistent everywhere. Then I promise this PR is done!

Show outdated Hide outdated api/users.go
Show outdated Hide outdated api/users.go
Show outdated Hide outdated api/users.go
Show outdated Hide outdated api/users.go
Show outdated Hide outdated api/tasks/http.go
@strangeman

This comment has been minimized.

Show comment
Hide comment
@strangeman

strangeman Feb 20, 2018

Collaborator

All done. I need to take some lessons with an English teacher, instead of watching Netflix shows. :)

Collaborator

strangeman commented Feb 20, 2018

All done. I need to take some lessons with an English teacher, instead of watching Netflix shows. :)

@twhiston twhiston moved this from In Progress / In Review to Done in 2.5.0 Feb 21, 2018

@twhiston twhiston merged commit 0fceedb into ansible-semaphore:develop Feb 27, 2018

1 check passed

ci/circleci Your tests passed on CircleCI!
Details

2.5.0 automation moved this from Done to Merged Feb 27, 2018

@twhiston twhiston removed the needs work label Feb 27, 2018

@vaol

This comment has been minimized.

Show comment
Hide comment
@vaol

vaol Sep 12, 2018

I have just installed Semaphore v2.5.1 and I am still facing the same problem as reported in #198. I would need some user to only have the permission to run some templates, but not update or delete them.
Is it something possible to achieve ?

vaol commented Sep 12, 2018

I have just installed Semaphore v2.5.1 and I am still facing the same problem as reported in #198. I would need some user to only have the permission to run some templates, but not update or delete them.
Is it something possible to achieve ?

@strangeman

This comment has been minimized.

Show comment
Hide comment
@strangeman

strangeman Sep 12, 2018

Collaborator

@vaol please check user settings ('Admin user' checkbox):
2018-09-12-185213_1366x768_scrot

Collaborator

strangeman commented Sep 12, 2018

@vaol please check user settings ('Admin user' checkbox):
2018-09-12-185213_1366x768_scrot

@vaol

This comment has been minimized.

Show comment
Hide comment
@vaol

vaol Sep 12, 2018

Thank you for answering so quickly !
Here is my config :
image
image

And still I can delete a template when I am connected as user "demo"

vaol commented Sep 12, 2018

Thank you for answering so quickly !
Here is my config :
image
image

And still I can delete a template when I am connected as user "demo"

@strangeman

This comment has been minimized.

Show comment
Hide comment
@strangeman

strangeman Sep 12, 2018

Collaborator

Ugh, sorry, I confused different roles mechanisms. launch-only users still not implemented. I made the PR some time ago, but it was not too good: #413
If you're ok with Go, you may adapt the code from that PR

Collaborator

strangeman commented Sep 12, 2018

Ugh, sorry, I confused different roles mechanisms. launch-only users still not implemented. I made the PR some time ago, but it was not too good: #413
If you're ok with Go, you may adapt the code from that PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment