Actions
Feature #24672
closedFeature #47765: mgr/dashboard: security improvements
mgr/dashboard: Prevent user from accessing unallowed pages
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
General
Target version:
-
% Done:
0%
Source:
Tags:
dashboard
Backport:
Reviewed:
Affected Versions:
Pull request ID:
Description
After the role management is available in Ceph Dashboard we should add a UI route guard to prevent the user from reaching pages that requires privileges that the user does not have.
Example:
If a user is configured with read-only access and navigate to the URL http://<HOST>:<PORT>/#/rgw/user/add, then a warning message/page should be displayed.
Updated by Lenz Grimmer almost 6 years ago
- Assignee deleted (
Lenz Grimmer) - Tags set to dashboard
Updated by Lenz Grimmer about 4 years ago
- Related to Bug #44237: mgr/dashboard: security: some system roles allow accessing sensitive information added
Updated by Lenz Grimmer about 4 years ago
- Translation missing: en.field_tag_list set to administration, security
Updated by Ernesto Puerta about 4 years ago
- Status changed from New to Closed
When accessing /rgw/user/add page with a user without those creds, 404 is displayed. It should? be a 403 (/rgw and /rgw/user result in a 403) though, but that sounds more a bug than a feature.
Closing.
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General
Actions