You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Ahyoung Ryu (JIRA)" <ji...@apache.org> on 2016/11/28 10:29:58 UTC
[jira] [Created] (ZEPPELIN-1718) Should prevent to set permission
by anonymous user
Ahyoung Ryu created ZEPPELIN-1718:
-------------------------------------
Summary: Should prevent to set permission by anonymous user
Key: ZEPPELIN-1718
URL: https://issues.apache.org/jira/browse/ZEPPELIN-1718
Project: Zeppelin
Issue Type: Bug
Affects Versions: 0.6.2
Reporter: Ahyoung Ryu
Assignee: Ahyoung Ryu
Fix For: 0.7.0
Currently anonymous user can do something in permission menus(note permission, interpreter owner setting).
e.g. the anonymous user can type "admin" / "user1" to the note permission setting fields. Or the anonymous user can remove "Owners" in the interpreter menu by editing it since we don't check the user's principal for this.
It doesn't make sense actually. At least we should disallow the non-authenticated users by deactivating those permission related features i think.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)