Project

General

Profile

action #13858

[tools]read access (get) to all tables requires operators

Added by oholecek over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Feature requests
Target version:
Start date:
2016-09-21
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

All admin tables - media types, machines, test suites and job groups - requires users to have operators level authorization. However all of this info is visible anyway in job settings and vars.json.

I propose to allow anonymous read-only access to admin tables thus newcomers, and even regular contributors, don't have to get higher authorization to be able to dump upstream templates and load them to their own instance.

History

#1 Updated by oholecek over 5 years ago

  • Category set to 168

#2 Updated by okurz over 5 years ago

  • Target version set to Milestone 6

#3 Updated by mkittler over 5 years ago

  • Status changed from New to In Progress
  • Assignee set to mkittler

Currently those tables are only accessible via the "Login" menu when already logged in. I guess this requires putting those menu entries in an extra menu.

#4 Updated by okurz over 5 years ago

maybe start with making it not restricted but still in the same menu so that any logged in user can see these settings? Should be a good valid first step.

#5 Updated by mkittler over 5 years ago

PR: https://github.com/os-autoinst/openQA/pull/1220

okurz: This uses a second menu now. I didn't ignore your comment, just started to work on this before.

#6 Updated by RBrownSUSE about 5 years ago

  • Subject changed from read access (get) to all tables requires operators to [tools]read access (get) to all tables requires operators

#7 Updated by okurz about 5 years ago

  • Status changed from In Progress to Feedback

https://github.com/os-autoinst/openQA/pull/1220 merged. waiting for deployment and verification.

#8 Updated by coolo about 5 years ago

it's deployed

#9 Updated by okurz about 5 years ago

I found the following issues:

  • /admin/productlog has a retrigger button for users with no effect
  • menu entries "assets", "workers", "api_help" yield "forbidden"

#10 Updated by mkittler about 5 years ago

PR https://github.com/os-autoinst/openQA/pull/1271 to fix the issues has been merged. So we're back to waiting for deployment and verification.

#11 Updated by mkittler about 5 years ago

  • Status changed from Feedback to Resolved

Works in production, I tested accessing https://openqa.suse.de/admin/{workers,assets,productlog} and api_help without being logged in.

Also available in: Atom PDF