Feature #24672

closed

Feature #47765: mgr/dashboard: security improvements

mgr/dashboard: Prevent user from accessing unallowed pages

Added by Volker Theile almost 6 years ago. Updated about 3 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: General
Target version: -
% Done: 0%
Source:
Tags: dashboard
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

After the role management is available in Ceph Dashboard, we should add a UI route guard to prevent the user from reaching pages that require privileges that the user does not have.

Example:
If a user is configured with read-only access and navigates to the URL http://<HOST>:<PORT>/#/rgw/user/add, then a warning message/page should be displayed.


Related issues 1 (0 open, 1 closed)

Related to Dashboard - Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information - Resolved - Alfonso Martínez

#1

Updated by Lenz Grimmer almost 6 years ago

  • Assignee deleted (Lenz Grimmer)
  • Tags set to dashboard
#2

Updated by Ricardo Dias almost 5 years ago

  • Status changed from New to 12
#3

Updated by Patrick Donnelly over 4 years ago

  • Status changed from 12 to New
#4

Updated by Lenz Grimmer about 4 years ago

  • Related to Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information added
#5

Updated by Lenz Grimmer about 4 years ago

  • Tags set to administration, security
#6

Updated by Ernesto Puerta about 4 years ago

  • Status changed from New to Closed

When accessing the /rgw/user/add page with a user without those creds, a 404 is displayed. It should? be a 403 (/rgw and /rgw/user result in a 403) though, but that sounds more like a bug than a feature.

Closing.
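
The guard behaviour requested in this issue, together with the 403-versus-404 distinction raised in comment #6, as an added example that is not Ceph Dashboard code. The route table, permission model and all function names are hypothetical.

```typescript
// Added example: hypothetical names throughout, not Ceph Dashboard code.
type Action = "read" | "create" | "update" | "delete";
type Permissions = Record<string, Action[] | undefined>; // scope -> granted actions

interface RouteRule {
  pattern: string;   // ":name" segments match any single value
  scope: string;     // permission scope guarding the page
  actions: Action[]; // every listed action is required
}

// Constructed route table modelled on the URLs mentioned in this issue.
const ROUTES: RouteRule[] = [
  { pattern: "/rgw", scope: "rgw", actions: ["read"] },
  { pattern: "/rgw/user", scope: "rgw", actions: ["read"] },
  { pattern: "/rgw/user/add", scope: "rgw", actions: ["read", "create"] },
  { pattern: "/rgw/user/edit/:uid", scope: "rgw", actions: ["read", "update"] },
];

type Decision = { status: 200 } | { status: 403; missing: Action[] } | { status: 404 };

// Reduce a hash URL ("http://host/#/rgw/user/add?x=1") to its path segments.
function segments(url: string): string[] {
  const path = url.replace(/^.*#/, "").split("?")[0];
  return path.split("/").filter((s) => s.length > 0);
}

function matches(pattern: string, url: string[]): boolean {
  const p = pattern.split("/").filter((s) => s.length > 0);
  return p.length === url.length &&
    p.every((seg, i) => seg.startsWith(":") || seg === url[i]);
}

// Deny by default: unknown route -> 404, known route with missing rights -> 403.
// A UI guard only hides pages; the REST API behind them must enforce the same rules.
function guard(url: string, perms: Permissions, routes: RouteRule[] = ROUTES): Decision {
  const segs = segments(url);
  // Dot segments never name a page; refuse them before ":param" can match them.
  if (segs.some((s) => s === "." || s === "..")) return { status: 404 };
  const rule = routes.find((r) => matches(r.pattern, segs));
  if (!rule) return { status: 404 };
  const granted = perms[rule.scope] ?? [];
  const missing = rule.actions.filter((a) => !granted.includes(a));
  return missing.length === 0 ? { status: 200 } : { status: 403, missing };
}
```

With this table, a read-only user requesting `/rgw/user/add` gets a 403 that names the missing `create` action, while a path that matches no rule gets a 404.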

#7

Updated by Ernesto Puerta over 3 years ago

  • Parent task set to #47765
#8

Updated by Ernesto Puerta about 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 132 to General