https://tracker.ceph.com/https://tracker.ceph.com/favicon.ico2018-10-08T12:09:01ZCeph Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1222422018-10-08T12:09:01ZRicardo Marquesrimarques@suse.com
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-10 priority-4 priority-default closed" href="/issues/36328">Bug #36328</a>: Roles: issues</i> added</li></ul> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1236812018-10-29T10:02:53ZRicardo Diasrdias@suse.com
<ul></ul><p>To fix the bug described in this issue we need to dynamically verify the user permissions and filter the task list accordingly.<br />We already preform dynamic checks of user permissions in other controllers, such as in "controllers/summary.py" or in "controllers/dashboard.py".</p>
<p>Each task has always a name, usually of the form "component/action" (e.g., "rbd/create", "pool/delete"). We can use the component name, and action name, to decide which security scope and kind of permission to use for querying the user permissions. For instance, for the task with the "rbd/create" name we should only include it the tasks list if the condition "self._has_permissions(Permission.CREATE, Scope.RBD_IMAGE)" is true.</p> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1238662018-10-30T19:20:33ZTina Kallio
<ul><li><strong>Assignee</strong> set to <i>Tina Kallio</i></li></ul> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1250622018-11-23T12:03:16ZTina Kallio
<ul><li><strong>File</strong> <a href="/attachments/download/3825/recent%20notifications.png">recent notifications.png</a> <a class="icon-only icon-magnifier" title="View" href="/attachments/3825/recent%20notifications.png">View</a> added</li><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>80</i></li></ul><p>Changes made to filter out task according to permission in task-list works.</p>
<p>However, if a user (regardless of permissions) log in to the same browser after another user, all events listed in "Recent notifications" from previous user are displayed. This includes but is not limited to finished tasks, see image. Note! This is not a problem when using a new browser.</p>
<p>Suggested to be treated seperatly, issue created:</p>
<p><a class="external" href="https://tracker.ceph.com/issues/37379">https://tracker.ceph.com/issues/37379</a></p> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1256982018-12-06T18:51:26ZTina Kallio
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Fix Under Review</i></li></ul><p><strong>PR</strong>: <a class="external" href="https://github.com/ceph/ceph/pull/25426">https://github.com/ceph/ceph/pull/25426</a></p> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1257292018-12-07T07:50:07ZTatjana Dehler
<ul><li><strong>Pull request ID</strong> set to <i>25426</i></li></ul> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1274502019-01-15T09:59:40ZLenz Grimmer
<ul><li><strong>Status</strong> changed from <i>Fix Under Review</i> to <i>Resolved</i></li><li><strong>Target version</strong> set to <i>v14.0.0</i></li></ul> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1274782019-01-15T14:09:49ZTina Kallio
<ul><li><strong>% Done</strong> changed from <i>80</i> to <i>100</i></li></ul> Dashboard - Bug #25094: mgr/dashboard: Only list tasks that user is authorized to seehttps://tracker.ceph.com/issues/25094?journal_id=1909512021-04-15T17:21:02ZErnesto Puerta
<ul><li><strong>Project</strong> changed from <i>mgr</i> to <i>Dashboard</i></li><li><strong>Category</strong> changed from <i>132</i> to <i>General</i></li></ul>