Project

General

Profile

Actions
Copy link

action #167818

closed

coordination #154768: [saga][epic][ux] State-of-art user experience for openQA

coordination #154771: [epic] Improved test developer user experience

Activity view access forbidden in Operator Mode size:S

Added by gpathak 2 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
mkittler
Category:
Regressions/Crashes
Target version:
Ready
Start date:
Due date:
% Done:

0%

Estimated time:
Tags:
reactive work

Description

Observation

While logged-in as an Operator and trying to access Activity View (https://openqa.opensuse.org/admin/activity_view) and OBS Sync (https://openqa.opensuse.org/admin/obs_rsync) results in "Forbidden" message in web browser.

Rest other menu options are accessible such as:

Acceptance criteria

  • AC1: The activity view is acessible by all logged in users that can have any activity.
  • AC2: The menu entry for the OBS Sync plugin is only visible to users that can access it.
  • AC3: The audit log is still only accessible by admins.

Suggestions

  • As the activity view relies on the audit log we need to change that implementation, e.g. provide a subset of the audit log composed of only the current user

Files

Download all files
Screenshot from 2024-10-07 11-12-04.png (13.7 KB) Screenshot from 2024-10-07 11-12-04.png gpathak, 2024-10-07 05:43
Screenshot from 2024-10-07 11-13-47.png (13.5 KB) Screenshot from 2024-10-07 11-13-47.png gpathak, 2024-10-07 05:44
Screenshot from 2024-10-07 11-14-45.png (21.6 KB) Screenshot from 2024-10-07 11-14-45.png gpathak, 2024-10-07 05:44
Actions
Copy link
 #1

Updated by gpathak 2 months ago · Edited

Activity view and OBS Sync access forbidden on o3 in Operator Mode

Actions
Copy link
 #2

Updated by okurz 2 months ago

  • Tags set to reactive work
  • Category set to Regressions/Crashes
  • Target version set to Ready
Actions
Copy link
 #3

Updated by mkittler 2 months ago

I suppose the activity view should be accessible by any registered user. The OBS rsync UI was on the other hand restricted on purpose to admins - so I would not just change that without checking why we chose the current access level in the first place.

Actions
Copy link
 #4

Updated by gpathak 2 months ago · Edited

Earlier it was user level access. After getting Operator level access, I can now access OBS Sync, but still getting "Forbidden" message when I click Activity View on both o3 and osd.

Actions
Copy link
 #5

Updated by mkittler 2 months ago

  • Status changed from New to In Progress
  • Assignee set to mkittler
Actions
Copy link
 #6

Updated by okurz 2 months ago

  • Parent task set to #154771
Actions
Copy link
 #7

Updated by mkittler 2 months ago

  • Status changed from In Progress to Feedback

The activity view relies on the audit log so we needed to make that accessible by operators as well, see https://github.com/os-autoinst/openQA/pull/5995.

I could not reproduce the problem that the OBS Sync plugin is inaccessible by operators. However, it is in fact inaccessible by normal users. I think that makes sense to simply hide the link if the user is no operator. PR: https://github.com/os-autoinst/openQA/pull/5996

Actions
Copy link
 #8

Updated by okurz 2 months ago

  • Subject changed from Activity view access forbidden in Operator Mode to Activity view access forbidden in Operator Mode size:S
  • Description updated (diff)
Actions
Copy link
 #9

Updated by okurz 2 months ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF