Posted to issues@trafficcontrol.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/08/03 19:17:00 UTC

[jira] [Commented] (TC-463) Delivery-service&User tenancy based access control - DS/User Assignment

    [ https://issues.apache.org/jira/browse/TC-463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16113328#comment-16113328 ] 

ASF GitHub Bot commented on TC-463:
-----------------------------------

Github user mitchell852 commented on a diff in the pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/753#discussion_r129937967
  
    --- Diff: traffic_ops/app/lib/API/DeliveryServiceUser.pm ---
    @@ -31,6 +32,18 @@ sub delete {
             return $self->forbidden();
         }
     
    +    my $user = $self->db->resultset('TmUser')->find( { id => $user_id } );
    +    if ( !defined($user) ) {
    +        return $self->not_found();
    +    }
    +    my $tenant_utils = Utils::Tenant->new($self);
    +    my $tenants_data = $tenant_utils->create_tenants_data_from_db();
    +    if (!$tenant_utils->is_user_resource_accessible($tenants_data, $user->tenant_id)) {
    +        #no access to resource tenant
    +        return $self->forbidden();
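
Review bot: In the added block of `delete`, the `not_found()` return for an undefined `$user` runs before the `is_user_resource_accessible` check, so a caller with no access to the target tenant gets a 404 for a `user_id` that does not exist and a 403 for one that exists under another tenant. That difference reveals which user ids exist outside the caller's tenancy. Consider returning the same response in both cases, for example `forbidden()` whenever the user is missing or not accessible. If `forbidden()` accepts a message, pass one here so a tenancy denial can be told apart from the earlier `forbidden()` return in the same sub, and keep that message identical for the missing and the inaccessible case.
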
    --- End diff --
    
    can you add forbidden messages?


> Delivery-service&User tenancy based access control - DS/User Assignment
> -----------------------------------------------------------------------
>
>                 Key: TC-463
>                 URL: https://issues.apache.org/jira/browse/TC-463
>             Project: Traffic Control
>          Issue Type: Improvement
>          Components: Traffic Ops
>            Reporter: Nir Sopher
>
> We have recently added "tenancy" to the project. 
> With tenancy, every resource has a tenant, where a resource can be a delivery-service, a server (future) and even a user.
> We are now starting to enforce access-control based on the resource tenancy. A user can manage a resource only if the resource is under the user tenancy.
> This JIRA deals with another step of "delivery-service as a resource" as well as "user as a resource" - enforcing via the API access control on DS to User: The logged-in user should have access to both the DS as well as the user assigned to it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)