action #13858
closed[tools]read access (get) to all tables requires operators
0%
Description
All admin tables - media types, machines, test suites and job groups - requires users to have operators level authorization. However all of this info is visible anyway in job settings and vars.json.
I propose to allow anonymous read-only access to admin tables thus newcomers, and even regular contributors, don't have to get higher authorization to be able to dump upstream templates and load them to their own instance.
Updated by mkittler about 7 years ago
- Status changed from New to In Progress
- Assignee set to mkittler
Currently those tables are only accessible via the "Login" menu when already logged in. I guess this requires putting those menu entries in an extra menu.
Updated by okurz about 7 years ago
maybe start with making it not restricted but still in the same menu so that any logged in user can see these settings? Should be a good valid first step.
Updated by mkittler about 7 years ago
PR: https://github.com/os-autoinst/openQA/pull/1220
@okurz: This uses a second menu now. I didn't ignore your comment, just started to work on this before.
Updated by RBrownSUSE about 7 years ago
- Subject changed from read access (get) to all tables requires operators to [tools]read access (get) to all tables requires operators
Updated by okurz about 7 years ago
- Status changed from In Progress to Feedback
https://github.com/os-autoinst/openQA/pull/1220 merged. waiting for deployment and verification.
Updated by okurz about 7 years ago
I found the following issues:
- /admin/productlog has a retrigger button for users with no effect
- menu entries "assets", "workers", "api_help" yield "forbidden"
Updated by mkittler about 7 years ago
PR https://github.com/os-autoinst/openQA/pull/1271 to fix the issues has been merged. So we're back to waiting for deployment and verification.
Updated by mkittler about 7 years ago
- Status changed from Feedback to Resolved
Works in production, I tested accessing https://openqa.suse.de/admin/{workers,assets,productlog} and api_help without being logged in.