SOLR-16621: Admin UI fails to grant user permissions with wildcard role #1294

Merged
merged 1 commit into from Jan 20, 2023

Conversation

janhoy
Contributor

@janhoy janhoy commented Jan 17, 2023

https://issues.apache.org/jira/browse/SOLR-16621

Always grant access to a permission that has the wildcard "*" role, no matter what roles user has.
Note, this is not the same as not requiring authentication for the permission, "roles": null. It means that the permission needs an authenticated user, but any role will do.

Also, this is just UI stuff so will not modify actual permissions on the API level, but will align role checking logic so it matches that of the backend.

To test:

  1. Start Solr and enable security
    ./gradlew dev
    cd solr/packaging/build/dev/
    bin/solr start -c
    bin/solr auth enable -credentials solr:solr -blockUnknown true
  2. Log in to Admin UI with 'solr' and 'solr': http://localhost:8983/solr/#/~security
  3. Edit the permissions 'security-edit' and 'security-read' to have * as role
  4. The user can still see the Security Dashboard and edit permissions

(To confirm the bug, do the same test on main branch and see that user is blocked from security dashboard once the permissions are changed to role=*).
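The role semantics described in this pull request, as an added JavaScript example that is not code from the pull request or from Solr's `app.js`. The function names, the object shapes and the sample data are assumptions made for illustration; only the three cases (`"roles": null`, the `"*"` wildcard, an explicit role list) come from the description above.

```javascript
// Hypothetical client-side check mirroring the semantics in the PR description.
const WILDCARD = "*";

// Normalise a permission's roles: null/undefined stays null, a bare string becomes [string].
function normaliseRoles(roles) {
  if (roles === null || roles === undefined) return null;
  return Array.isArray(roles) ? roles : [roles];
}

// user: null for an anonymous visitor, or { name, roles: [...] } once authenticated.
function uiPermits(permission, user) {
  const required = normaliseRoles(permission.roles);
  if (required === null) return true;           // "roles": null -> no authentication required
  if (!user) return false;                      // any other value needs an authenticated user
  if (required.includes(WILDCARD)) return true; // "*" -> authenticated, any role will do
  const held = new Set(user.roles || []);
  return required.some((role) => held.has(role));
}

// Constructed sample permissions (not taken from a real security.json).
const samplePermissions = [
  { name: "security-edit", roles: "*" },
  { name: "security-read", roles: ["*"] },
  { name: "read", roles: null },
  { name: "collection-admin-edit", roles: ["admin"] },
];

// Names of the sample permissions the UI would treat as granted for this user.
function visiblePermissions(user) {
  return samplePermissions.filter((p) => uiPermits(p, user)).map((p) => p.name);
}

// Constructed users: an admin, an authenticated user with no roles, and anonymous.
const adminUser = { name: "solr", roles: ["admin"] };
const noRoleUser = { name: "reader", roles: [] };

console.log("admin    :", visiblePermissions(adminUser).join(", "));
console.log("no roles :", visiblePermissions(noRoleUser).join(", "));
console.log("anonymous:", visiblePermissions(null).join(", "));
```

As the description notes, a check like this only decides what the UI shows; enforcement stays with the backend at the API level.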

@janhoy
Contributor Author

janhoy commented Jan 17, 2023

@thelabdude I see some duplicate logic in the permission check for Security Dash. I believe you could have used the function isPermitted() already defined in app.js, see https://github.com/apache/solr/blob/main/solr/webapp/web/js/angular/app.js#L528-L533 ?

@janhoy janhoy merged commit 6ba00a4 into apache:main Jan 20, 2023
@janhoy janhoy deleted the SOLR-16621-admin-ui-role-check branch January 20, 2023 08:38