Inactive tenant - should not be allowed to login with an appropriate message #4058

Open
4 of 16 tasks
lbathina opened this issue Oct 31, 2019 · 3 comments
Labels
improvement The functionality exists but it could be improved in some way. Traffic Ops related to Traffic Ops

Comments

@lbathina

I'm submitting a ...

  • bug report
  • new feature / enhancement request
  • improvement request (usability, performance, tech debt, etc.)
  • other

Traffic Control components affected ...

  • CDN in a Box
  • Documentation
  • Grove
  • Traffic Control Client
  • Traffic Monitor
  • Traffic Ops
  • Traffic Ops ORT
  • Traffic Portal
  • Traffic Router
  • Traffic Stats
  • Traffic Vault
  • unknown

Current behavior:

Currently a user of an inactive tenant is able to log in and POST, GET and DELETE
ideally POST and DELETE currently return a 500 - another bug raised for it
GET - returns 200 with no items

Expected / new behavior:

Instead, it's pretty easy and straightforward to have the user not log in, with an appropriate message saying their tenancy or parent tenancy has been inactive and needs to be active to log in.

Minimal reproduction of the problem with instructions:

Anything else:

@mitchell852
Member

I think we need a bigger discussion of what tenant.active=false is supposed to do. Should it:

  1. set all child tenants active=false as well?
  2. prevent all users of that tenant from logging in? Or is login restriction to be determined only by role, i.e. role == disallowed is the only way to prevent a user from logging in?
  3. prevent api calls to all tenantable routes of the inactive tenant? Examples:

PUT /deliveryservices/42 where 42 is a ds in an inactive tenant return a 400 or something?
PUT /users/88 where 88 is a user in an inactive tenant return a 400 or something?
PUT /tenants/22 where 22 is an inactive tenant return a 400 or something?

What should GET /deliveryservices return if I am part of an inactive tenant? Empty array or a 400?

The point is, until we determine the intent of tenant.active, it is hard to say what works and what doesn't work.
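
An added illustration, not part of the issue thread and not Traffic Ops code: one possible reading of the requested behavior together with options 1 and 2 above, where an inactive tenant anywhere on the path to the root blocks login with a message naming it. The `Tenant` type, the `LoginDenial` function, the convention that `ParentID` 0 marks the root, and the sample tenants are all assumptions made for this sketch.

```go
package main

import "fmt"

// Tenant is a hypothetical, simplified record; it is not the Traffic Ops type.
type Tenant struct {
	ID, ParentID int // ParentID 0 marks the root tenant (assumption)
	Name         string
	Active       bool
}

// LoginDenial walks from the user's tenant up to the root. It returns "" when
// every tenant on the path is active, otherwise the message to show the user.
// Unknown tenant IDs and cycles in the hierarchy fail closed.
func LoginDenial(tenants map[int]Tenant, userTenantID int) string {
	seen := map[int]bool{}
	for id := userTenantID; ; {
		t, ok := tenants[id]
		if !ok || seen[id] {
			return "login denied: unknown tenant or malformed tenant hierarchy"
		}
		seen[id] = true
		if !t.Active {
			return fmt.Sprintf("login denied: tenant %q is inactive and must be active to log in", t.Name)
		}
		if t.ParentID == 0 {
			return "" // reached the root with every tenant active
		}
		id = t.ParentID
	}
}

// SampleTenants is constructed data: root > acme (inactive) > acme-east.
func SampleTenants() map[int]Tenant {
	return map[int]Tenant{
		1: {ID: 1, Name: "root", Active: true},
		2: {ID: 2, ParentID: 1, Name: "acme", Active: false},
		3: {ID: 3, ParentID: 2, Name: "acme-east", Active: true},
		4: {ID: 4, ParentID: 1, Name: "globex", Active: true},
		5: {ID: 5, ParentID: 6, Name: "loop-a", Active: true},
		6: {ID: 6, ParentID: 5, Name: "loop-b", Active: true},
	}
}

func main() {
	for _, id := range []int{2, 3, 4, 5, 99} {
		fmt.Printf("tenant %d: %q\n", id, LoginDenial(SampleTenants(), id))
	}
}
```

Running the same check on every authenticated request, not only at login, would also cover sessions that were opened before the tenant was deactivated.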

@ocket8888
Contributor

"Currently a user of an inactive tenant is able to log in and POST, GET and DELETE"
"ideally POST and DELETE currently return a 500 - another bug raised for it"
"GET - returns 200 with no items"

Are you saying that specifically it's a problem that users within an inactive Tenant can make POST, GET and DELETE requests to the API? What paths for POST and DELETE are giving 500s? Is that ideal or a bug? What GET is returning a 200 with no items?

@ocket8888 ocket8888 added improvement The functionality exists but it could be improved in some way. Traffic Ops related to Traffic Ops labels Oct 31, 2019
@mitchell852
Member

I kind of feel like the tenant.active field should simply be removed for now as it appears to have no purpose.
