Add missing roles checks #1739
Merged
Add missing roles checks #1739
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(I included these fixes in openhab#1735 but extracted them in a stanalone PR because it's easier to review and a little more urgent.) As a result of the refactoring in openhab#1713, the operations annotated with `@RolesAllowed` containing `Role.USER` are not anymore automatically considered accessible to all users, regardless of their actual roles. 4 operations are therefore now denied to admins if they only have the `Role.ADMIN` role, as the first admininistrator is created only with that role the UI encounters unexpected access denied errors and breaks. (See openhab/openhab-webui#422). Closes openhab/openhab-webui#422. Signed-off-by: Yannick Schaus <github@schaus.net>
splatch
pushed a commit
to ConnectorIO/copybara-hab-core
that referenced
this pull request
Jul 11, 2023
(I included these fixes in openhab#1735 but extracted them in a stanalone PR because it's easier to review and a little more urgent.) As a result of the refactoring in openhab#1713, the operations annotated with `@RolesAllowed` containing `Role.USER` are not anymore automatically considered accessible to all users, regardless of their actual roles. 4 operations are therefore now denied to admins if they only have the `Role.ADMIN` role, as the first admininistrator is created only with that role the UI encounters unexpected access denied errors and breaks. (See openhab/openhab-webui#422). Closes openhab/openhab-webui#422. Signed-off-by: Yannick Schaus <github@schaus.net> GitOrigin-RevId: d262b6f
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(I included these fixes in #1735 but extracted them in a stanalone
PR because it's easier to review and a little more urgent.)
As a result of the refactoring in #1713, the operations annotated with
@RolesAllowedcontainingRole.USERare not anymore automaticallyconsidered accessible to all users, regardless of their actual roles.
4 operations are therefore now denied to admins if they only have the
Role.ADMINrole, as the first admininistrator is created only withthat role the UI encounters unexpected access denied errors and breaks.
(See openhab/openhab-webui#422).
Closes openhab/openhab-webui#422.
Signed-off-by: Yannick Schaus github@schaus.net