Feature #24672
Feature #47765: mgr/dashboard: security improvements
mgr/dashboard: Prevent user from accessing unallowed pages
Status: Closed
Priority: Normal
Assignee: -
Category: General
Target version: -
% Done: 0%
Source:
Tags: dashboard
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
After the role management is available in Ceph Dashboard, we should add a UI route guard to prevent the user from reaching pages that require privileges that the user does not have.
Example:
If a user is configured with read-only access and navigates to the URL http://<HOST>:<PORT>/#/rgw/user/add, then a warning message/page should be displayed.
Related issues
History
#1 Updated by Lenz Grimmer over 4 years ago
- Assignee deleted (Lenz Grimmer)
- Tags set to dashboard
#2 Updated by Ricardo Dias over 3 years ago
- Status changed from New to 12
#3 Updated by Patrick Donnelly about 3 years ago
- Status changed from 12 to New
#4 Updated by Lenz Grimmer almost 3 years ago
- Related to Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information added
#5 Updated by Lenz Grimmer almost 3 years ago
- Tags set to administration, security
#6 Updated by Ernesto Puerta almost 3 years ago
- Status changed from New to Closed
When accessing the /rgw/user/add page with a user without those creds, a 404 is displayed. It should? be a 403 (/rgw and /rgw/user result in a 403) though, but that sounds more like a bug than a feature.
Closing.
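One way to write the route guard requested in the description, keeping the 403 and 404 outcomes from comment #6 distinct (added example, not Ceph Dashboard code; the route table, the `Grants` permission model and all function names are assumptions):

```typescript
// Added example: hypothetical route table and permission model, not Ceph Dashboard code.
type Verb = 'read' | 'create' | 'update' | 'delete';
type Grants = { [scope: string]: Verb[] };            // scope -> granted verbs
interface RouteRule { path: string; scope: string; verb: Verb; }
type Decision = 'allow' | 'forbidden' | 'not-found';  // render page, 403 page, 404 page

// Constructed sample routes; a ':name' segment matches exactly one path segment.
const ROUTES: RouteRule[] = [
  { path: '/rgw', scope: 'rgw', verb: 'read' },
  { path: '/rgw/user', scope: 'rgw', verb: 'read' },
  { path: '/rgw/user/add', scope: 'rgw', verb: 'create' },
  { path: '/rgw/user/edit/:uid', scope: 'rgw', verb: 'update' },
];

// Reduce a full URL or a bare path to its hash-route segments.
function routeSegments(url: string): string[] {
  const hash = url.indexOf('#');
  const path = (hash >= 0 ? url.slice(hash + 1) : url).split('?')[0];
  return path.split('/').filter(s => s.length > 0);
}

function matchRoute(url: string): RouteRule | undefined {
  const segs = routeSegments(url);
  for (const rule of ROUTES) {
    const pat = rule.path.split('/').filter(s => s.length > 0);
    if (pat.length === segs.length &&
        pat.every((p, i) => p.charAt(0) === ':' || p === segs[i])) {
      return rule;
    }
  }
  return undefined;
}

// Unknown route -> 404; known route without the required verb -> 403.
function guard(url: string, grants: Grants): Decision {
  const rule = matchRoute(url);
  if (!rule) return 'not-found';
  const granted = grants[rule.scope] || [];
  return granted.indexOf(rule.verb) !== -1 ? 'allow' : 'forbidden';
}

const READ_ONLY: Grants = { rgw: ['read'] };  // constructed sample user
```

A guard like this only controls what the UI renders; the backend API still has to enforce the same permissions on every request.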
#7 Updated by Ernesto Puerta over 2 years ago
- Parent task set to #47765
#8 Updated by Ernesto Puerta almost 2 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General