Jan Høydahl created SOLR-15928:
----------------------------------

             Summary: Hide/disable/dim menus and buttons in UI based on user permissions
                 Key: SOLR-15928
                 URL: https://issues.apache.org/jira/browse/SOLR-15928
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
            Reporter: Jan Høydahl


In SOLR-15776 we laid the foundation for authorization permission checks in UI 
by returning logged-in permissions in /admin/system/info and adding a 
{{permissions.js}} file and a {{isPermitted()}} method to the admin UI.

In this Jira we'll use this to decorate various parts of the UI so less 
privileged users won't get lots of 403 errors when clicking around. Here are 
some proposals:
 * Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not have 
ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for 
this"
 * Grey out and disable Cloud/Nodes if user does not have METRICS_READ 
permission. Alternatively (and perhaps better), adjust cloud.js so that it will 
not attempt fetching /admin/metrics at all, and instead return N/A or something 
for disk space, QPS etc.
 * Grey out and disable Threads menu if user does not have METRICS_READ_PERM. 
Add a mouseover tooltip saying "You lack required role(s) for this"
 * Grey out and disable "Add Collection" button if user lacks 
COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add 
tooltip
 * In Cores/Tree (cloud.html/cloud.js), we have already made clicking 
{{/security.json}} a NOOP if user lacks SECURITY_READ_PERM. However it would be 
nice if the right panel could display a helpful text.
 * Other screens, as suggested by 
https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
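
The following is an added example, not code from the issue or from Solr's admin UI. It sketches the decoration logic the proposals describe. All function and element names are hypothetical, and it assumes the permission list from /admin/system/info uses the names written in the issue (with METRICS_READ_PERM also standing in for the Cloud/Nodes check).

```javascript
// Added example with hypothetical names; this is not Solr's permissions.js.
const TOOLTIP = "You lack required role(s) for this";

// UI element -> permission it needs, taken from the proposals in the issue.
// Permission strings are assumed to match the names used in the issue text.
const REQUIRED = {
  "cloud/tree": "ZK_READ_PERM",
  "cloud/graph": "ZK_READ_PERM",
  "threads": "METRICS_READ_PERM",
  "add-collection": "COLLECTION_EDIT_PERM",
  "add-core": "CORE_EDIT_PERM",
};

// Fail closed: a missing or malformed permission list grants nothing.
function toPermissionSet(permissions) {
  return new Set(Array.isArray(permissions) ? permissions : []);
}

// Decide how each element renders: enabled, or greyed out with a tooltip.
function decorate(permissions) {
  const granted = toPermissionSet(permissions);
  const state = {};
  for (const [element, perm] of Object.entries(REQUIRED)) {
    const ok = granted.has(perm);
    state[element] = { disabled: !ok, tooltip: ok ? "" : TOOLTIP };
  }
  return state;
}

// Cloud/Nodes alternative from the issue: do not request /admin/metrics
// when the user cannot read metrics; show "N/A" for the dependent fields.
function nodesPlan(permissions) {
  const canReadMetrics = toPermissionSet(permissions).has("METRICS_READ_PERM");
  return {
    fetchMetrics: canReadMetrics,
    placeholders: canReadMetrics ? {} : { diskSpace: "N/A", qps: "N/A" },
  };
}

// Cores/Tree: clicking /security.json stays a no-op without the permission,
// but the right panel gets an explanatory text instead of staying empty.
function securityJsonPanel(permissions) {
  return toPermissionSet(permissions).has("SECURITY_READ_PERM")
    ? { load: true, text: "" }
    : { load: false, text: TOOLTIP };
}
```

The greyed-out state only spares the user the 403 responses; the server-side authorization check is what still decides each request.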
