You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2023/02/21 13:20:00 UTC
[jira] [Resolved] (SOLR-15928) Hide/disable/dim menus and buttons in UI based on user permissions
[ https://issues.apache.org/jira/browse/SOLR-15928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-15928.
--------------------------------
Fix Version/s: 9.2
Resolution: Fixed
> Hide/disable/dim menus and buttons in UI based on user permissions
> ------------------------------------------------------------------
>
> Key: SOLR-15928
> URL: https://issues.apache.org/jira/browse/SOLR-15928
> Project: Solr
> Issue Type: Improvement
> Components: Admin UI, security
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Fix For: 9.2
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> In SOLR-15776 we laid the foundation for authorization permission checks in UI by returning logged in permissions in /admin/system/info and adding a {{permissions.js}} file and a {{isPermitted()}} method to the admin UI.
> In this Jira we'll use this to decorate various parts of the UI so less privileged user won't get lots of 403 errors when clicking around. Here are some proposals:
> * Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not have ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
> * Grey out and disable Cloud/Nodes if user does not have METRICS_READ permission. Alternatively (and perhaps better), adjust cloud.js so that it will not attempt fetching /admin/metrics at all, and instead return N/A or something for disk space, QPS etc.
> * Grey out and disable Threads menu if user does not have METRICS_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
> * Grey out and disable "Add Collection" button if user lacks COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add tooltip
> * In Cores/Tree (cloud.html/cloud.js), we have already made clicking {{/security.json}} a NOOP if user lacks SECURITY_READ_PERM. However it would be nice if the right panel could display a helpful text.
> * Other screens, as suggested by https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org