Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
UI rights do not check for user resolver filters #1496
What did you try to do?
Display UI rights correctly according to policies and their filters.
What outcome did you expect?
When logging to the UI, users in resolverX should see assign option in the menu. Users in resolverY should not see assign option in the UI.
What outcome did you experience?
Users in both resolvers of realmA see the assign option. Although when actually self-assigning a token, it will fail for user in resolverY.
I checked this method and it seems that we do not pass the resolver info when checking for UI rights, and may result in the described outcome?
This is not a very critical bug. However, it affects user experience and causes some confusion. It would be nice to have it adjusted!
Well, works as programmed! ;-)
But in this case you are right!
We should change it like this:
if scope == SCOPE.ADMIN: adminrealm = realm logged_in_user["role"] = ROLE.ADMIN if adminrealm: # internal admins can not be resolved user = User(username, adminrealm) resolver = user.resolver elif scope == SCOPE.USER: userrealm = realm logged_in_user["role"] = ROLE.USER resolver = User(username, userrealm).resolver
Then we can use the