New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ZEPPELIN-987] Enable user to secure interpreter setting, credentials and configurations info #993
Conversation
a4d9dbf
to
707527a
Compare
@AhyoungRyu is this still a work in progress ? Otherwise LGTM. |
@prabhjyotsingh No, I'm just waiting some reviews. I'm not sure that i understood your comment correctly,
I just wanted to make even if some users are already defined in |
I was thinking if all of these 3 Interpreter, Credentials, and Configuration menu can be hidden, like the way they are hidden in case of user not loggedin. |
@prabhjyotsingh Yeah it makes sense. It would be better. Let me figure out it then :) |
@AhyoungRyu If you can come to an implementation that fits @prabhjyotsingh good idea, it would be great if you could make it |
@echarles Yes. Thanks for your suggestion ! :) |
@AhyoungRyu Still working on this? |
f2c6111
to
b215364
Compare
@prabhjyotsingh Sorry for my late response. Even if they don't have permission to those menus( |
Sure this will work. Thanks for the fix. |
@@ -60,10 +60,14 @@ role2 = * | |||
role3 = * | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add one more role admin i.e. admin = *
here, so that other user can also use that role.
@prabhjyotsingh Thanks for your feedback. I addressed it :) |
LGTM! |
@prabhjyotsingh i'll rebase after #1100 merged and add the alert message to credential page as well :) |
@prabhjyotsingh Since #1100 was merged into master, I updated |
Tested on both firefox and chrome. Works well. 👍 |
Merging this if no more discussion. |
… and configurations info ### What is this PR for? For some user cases, people might want to hide **Interpreter Setting**, **Credentials** and **Configurations** information to other users (who are defined in `conf/shiro.ini`). So I added ``` #/api/interpreter/** = authc, roles[admin] #/api/configurations/** = authc, roles[admin] #/api/credential/** = authc, roles[admin] ``` below the [ [urls] ](https://github.com/apache/zeppelin/blob/master/conf/shiro.ini#L38) section. This issue was originally suggested at [Zeppelin user mailing list](https://mail-archives.apache.org/mod_mbox/zeppelin-users/201606.mbox/%3CCAPgU7Y%3DBJrXQ_P0ond4PTukoya0FEjwoPuUb31iN3qwo8iyM1Q%40mail.gmail.com%3E) by TomNorden ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Add `interpreter`, `credential` and `configuration` url to `conf/shiro.ini` * [x] - Update `shiroauthentication.md` for this change * [x] - Redirect to home with ngToast error message when status is `401` * [x] - Rebase after apache#1100 merged and add error message to `Credential` menu as well ### What is the Jira issue? [ZEPPELIN-987](https://issues.apache.org/jira/browse/ZEPPELIN-987) ### How should this be tested? 1. Apply this patch and restart Zeppelin 2. Login with `admin` and `password1` 3. Go to interpreter, credential and configuration tab -> You can see all of the information in each tabs 4. Logout -> Login again with `user1` and `password2` 5. Go to interpreter, credential and configuration tab -> In this time, you can't see all of the information in each tabs ### Screenshots (if appropriate) - When you login with `user1` (doesn't have permission to see the interpreter, credential and cofiguration info) - interpreter menu ![interpreters](https://cloud.githubusercontent.com/assets/10060731/16708520/bedc8732-4631-11e6-938c-ff41d1fbab93.gif) - configuration menu ![configurations](https://cloud.githubusercontent.com/assets/10060731/16708525/ce5eb7c0-4631-11e6-9f36-8b97e2b7914a.gif) - credential menu ![credential-after](https://cloud.githubusercontent.com/assets/10060731/16726180/e56cfa52-4795-11e6-9a5d-740681092e96.gif) - `shiroauthentication.md` <img width="807" alt="screen shot 2016-06-10 at 12 25 02 pm" src="https://cloud.githubusercontent.com/assets/10060731/15976949/a49bc542-2f0a-11e6-8869-8575ba8f1875.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? Yes, so I updated. Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes apache#993 from AhyoungRyu/ZEPPELIN-987 and squashes the following commits: 1d291ac [AhyoungRyu] Redirect to home when unauthorized user click 'credentials' 5896c12 [AhyoungRyu] Revert shiro setting 4411188 [AhyoungRyu] Address @prabhjyotsingh feedback 5c9242c [AhyoungRyu] Redirect to home with error message when status is 401 2a054d4 [AhyoungRyu] Add interpreter, credential and configuration urls to shiro.ini d3a81d5 [AhyoungRyu] Update shiro authentication docs 8be7970 [AhyoungRyu] Change authcBasic -> authc
What is this PR for?
For some user cases, people might want to hide Interpreter Setting, Credentials and Configurations information to other users (who are defined in
conf/shiro.ini
). So I addedbelow the [urls] section.
This issue was originally suggested at Zeppelin user mailing list by @TomNorden
What type of PR is it?
Improvement | Documentation
Todos
interpreter
,credential
andconfiguration
url toconf/shiro.ini
shiroauthentication.md
for this change401
Credential
menu as wellWhat is the Jira issue?
ZEPPELIN-987
How should this be tested?
admin
andpassword1
user1
andpassword2
Screenshots (if appropriate)
user1
(doesn't have permission to see the interpreter, credential and cofiguration info)shiroauthentication.md
Questions: