Ahyoung Ryu created ZEPPELIN-1718:
-------------------------------------
Summary: Should prevent to set permission by anonymous user
Key: ZEPPELIN-1718
URL: https://issues.apache.org/jira/browse/ZEPPELIN-1718
Project: Zeppelin
Issue Type: Bug
Affects Versions: 0.6.2
Reporter: Ahyoung Ryu
Assignee: Ahyoung Ryu
Fix For: 0.7.0
Currently anonymous user can do something in permission menus(note permission,
interpreter owner setting).
e.g. the anonymous user can type "admin" / "user1" to the note permission
setting fields. Or the anonymous user can remove "Owners" in the interpreter
menu by editing it since we don't check the user's principal for this.
It doesn't make sense actually. At least we should disallow the
non-authenticated users by deactivating those permission related features i
think.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
