Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(permissions): alpha role has all full features #10241

Merged
merged 10 commits into from
Jul 27, 2020
Merged

fix(permissions): alpha role has all full features #10241

merged 10 commits into from
Jul 27, 2020

Conversation

dpgaspar
Copy link
Member

@dpgaspar dpgaspar commented Jul 3, 2020
edited
Loading

SUMMARY

Currently Alpha role does not include the "Manage" menu and it's sub items. But user's still have underlying access to the ModelView's that are included on the "Manager" menu. This PR proposes adding "Manage" menu and their sub items to the "Alpha" Role, making it an "All features included" role, except for security and SQLLab.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

@mistercrunch
Copy link
Member

By adding the MVs in ADMIN_ONLY_VIEW_MENUS you're removing access to Alpha and Gamma. I don't think that's what we want

@dpgaspar
Copy link
Member Author

dpgaspar commented Jul 3, 2020
edited
Loading

That was my objective, since by removing the "Manage" menu item, it's kind of implied the user does not have access to the AnnotationsLayerModelView, CssTemplateModelView, QueryView but he does.

But seems like we are using the old API for the annotations. Would be awesome to instead of removing we would add the "Manager" menu item to Alpha, that would make it more consistent, and inline with the idea that an Alpha user has access to all features except security

@mistercrunch
Copy link
Member

I think users still access the API in some other ways though (dashboard / explore / SQL Lab), we'd have to check/confirm whether they hit the modelview endpoints or not.

@dpgaspar dpgaspar marked this pull request as ready for review July 17, 2020 14:25
@dpgaspar
Copy link
Member Author

dpgaspar commented Jul 17, 2020
edited
Loading

@mistercrunch , I've reverted the direction here. I'm adding the Manage menu and it's subitems to the alpha role. What do you think?

@mistercrunch
Copy link
Member

+1 on a unit test, do we have a doc somewhere that give an idea of what Gamma is? Also should have a notice pointing to this PR in UPDATING.md

@dpgaspar
Copy link
Member Author

Good points, I'll add both. I think we don't have a doc describing what roles are, I'll create one on the docs if it does not exist

@mistercrunch mistercrunch added the authentication:RBAC Related to RBAC label Jul 24, 2020
@dpgaspar dpgaspar requested a review from bkyryliuk July 27, 2020 02:06
villebro
villebro approved these changes Jul 27, 2020
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the scope of Alpha permissions. This also needs a rebase.

@dpgaspar dpgaspar changed the title fix(permissions): alpha role is inconsistent fix(permissions): alpha role has all full features Jul 27, 2020
@dpgaspar dpgaspar merged commit 562012c into apache:master Jul 27, 2020
@dpgaspar dpgaspar deleted the fix/alpha-perms branch July 27, 2020 09:32
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@dpgaspar @auxten
fix(permissions): alpha role has all full features (apache#10241)
25f5ed4 
* fix(permissions): alpha role is inconsistent

* reverse and allow Alpha to access manager menu

* Bump FAB to 3.0.1rc1 to include del permission fix

* add docs, tests and UPDATING

* EOL

* Fix query view for Alpha
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.38.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@villebro villebro villebro approved these changes

@mistercrunch mistercrunch mistercrunch approved these changes

@john-bodley john-bodley Awaiting requested review from john-bodley

@bkyryliuk bkyryliuk Awaiting requested review from bkyryliuk

Assignees
No one assigned
Labels
authentication:RBAC Related to RBAC 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/M 🚢 0.38.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dpgaspar @mistercrunch @bkyryliuk @villebro