Project

General

Profile

Feature #24672

Feature #47765: mgr/dashboard: security improvements

mgr/dashboard: Prevent user from accessing unallowed pages

Added by Volker Theile over 4 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
General
Target version:
-
% Done:

0%

Source:
Tags:
dashboard
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

After the role management is available in Ceph Dashboard we should add a UI route guard to prevent the user from reaching pages that requires privileges that the user does not have.

Example:
If a user is configured with read-only access and navigate to the URL http://<HOST>:<PORT>/#/rgw/user/add, then a warning message/page should be displayed.


Related issues

Related to Dashboard - Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information Resolved

History

#1 Updated by Lenz Grimmer over 4 years ago

  • Assignee deleted (Lenz Grimmer)
  • Tags set to dashboard

#2 Updated by Ricardo Dias over 3 years ago

  • Status changed from New to 12

#3 Updated by Patrick Donnelly about 3 years ago

  • Status changed from 12 to New

#4 Updated by Lenz Grimmer almost 3 years ago

  • Related to Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information added

#5 Updated by Lenz Grimmer almost 3 years ago

  • Tags set to administration, security

#6 Updated by Ernesto Puerta almost 3 years ago

  • Status changed from New to Closed

When accessing /rgw/user/add page with a user without those creds, 404 is displayed. It should? be a 403 (/rgw and /rgw/user result in a 403) though, but that sounds more a bug than a feature.

Closing.

#7 Updated by Ernesto Puerta over 2 years ago

  • Parent task set to #47765

#8 Updated by Ernesto Puerta almost 2 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 132 to General

Also available in: Atom PDF