You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2023/02/16 15:57:00 UTC
[jira] [Commented] (SOLR-15928) Hide/disable/dim menus and buttons in UI based on user permissions
[ https://issues.apache.org/jira/browse/SOLR-15928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689815#comment-17689815 ]
Jan Høydahl commented on SOLR-15928:
------------------------------------
[~epugh] I made an attempt at greying out the "Add collection" button if you don't have the "modify-collection" permission, but my CSS skills did not suffice :) Do you have a hint?
> Hide/disable/dim menus and buttons in UI based on user permissions
> ------------------------------------------------------------------
>
> Key: SOLR-15928
> URL: https://issues.apache.org/jira/browse/SOLR-15928
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
>
> In SOLR-15776 we laid the foundation for authorization permission checks in UI by returning logged in permissions in /admin/system/info and adding a {{permissions.js}} file and a {{isPermitted()}} method to the admin UI.
> In this Jira we'll use this to decorate various parts of the UI so less privileged user won't get lots of 403 errors when clicking around. Here are some proposals:
> * Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not have ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
> * Grey out and disable Cloud/Nodes if user does not have METRICS_READ permission. Alternatively (and perhaps better), adjust cloud.js so that it will not attempt fetching /admin/metrics at all, and instead return N/A or something for disk space, QPS etc.
> * Grey out and disable Threads menu if user does not have METRICS_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
> * Grey out and disable "Add Collection" button if user lacks COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add tooltip
> * In Cores/Tree (cloud.html/cloud.js), we have already made clicking {{/security.json}} a NOOP if user lacks SECURITY_READ_PERM. However it would be nice if the right panel could display a helpful text.
> * Other screens, as suggested by https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org