You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Ahyoung Ryu (JIRA)" <ji...@apache.org> on 2016/11/28 10:29:58 UTC

[jira] [Created] (ZEPPELIN-1718) Should prevent to set permission by anonymous user

Ahyoung Ryu created ZEPPELIN-1718:
-------------------------------------

             Summary: Should prevent to set permission by anonymous user
                 Key: ZEPPELIN-1718
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-1718
             Project: Zeppelin
          Issue Type: Bug
    Affects Versions: 0.6.2
            Reporter: Ahyoung Ryu
            Assignee: Ahyoung Ryu
             Fix For: 0.7.0


Currently anonymous user can do something in permission menus(note permission, interpreter owner setting). 

e.g. the anonymous user can type "admin" / "user1" to the note permission setting fields. Or the anonymous user can remove "Owners" in the interpreter menu by editing it since we don't check the user's principal for this. 

It doesn't make sense actually. At least we should disallow the non-authenticated users by deactivating those permission related features i think.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)