Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRAFT: local users groups roles and permissions #19432

Draft
wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

DRAFT: local users groups roles and permissions #19432

wants to merge 9 commits into from

Conversation

ghost
Copy link

@ghost ghost commented Jun 17, 2024
edited by ghost
Loading

Description

  • Users can be CRUD'ed (create, read, update and delete a role)
  • Groups can be CRUD'ed
  • Roles can be CRUD'ed
  • User can be
    • created
    • retrieved (one and all)
    • updated
    • deleted
  • Groups can be
    • created
    • retrieved (one and all)
    • updated
    • deleted
  • Users can
    • be added to a group
    • be removed from a group
  • All users of a group can be retrieved
  • Roles can be
    • added to users & groups
    • removed from users & groups
    • listed of users & groups
  • Permissions can be
    • added to roles
    • removed from roles
    • listed of roles

Related issues

https://github.com/camunda-cloud/identity/issues/2862
https://github.com/camunda-cloud/identity/issues/2863
https://github.com/camunda-cloud/identity/issues/2876
https://github.com/camunda-cloud/identity/issues/2888
https://github.com/camunda-cloud/identity/issues/2950

@github-actions github-actions bot added component/zeebe Related to the Zeebe component/team component/identity Related to the Identity component/team labels Jun 17, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 17, 2024
View reviewed changes
authentication/src/main/java/io/camunda/authentication/config/WebSecurityConfig.java
Comment on lines +59 to +62
return httpSecurity
.authorizeHttpRequests(
(authorizeHttpRequests) -> authorizeHttpRequests.anyRequest().permitAll())
.csrf(AbstractHttpConfigurer::disable)

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection High

CSRF vulnerability due to protection being disabled.
This was referenced Jun 17, 2024
Closed
Closed
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Steffen Pade seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
component/identity Related to the Identity component/team component/zeebe Related to the Zeebe component/team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@CLAassistant