Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict user profile write acces to owner and super user #688

Merged
merged 1 commit into from
Oct 27, 2022
Merged

Restrict user profile write acces to owner and super user #688

merged 1 commit into from
Oct 27, 2022

Conversation

rszwajko
Copy link
Member

Before, every admin user has full write access to user profiles of other users.
After this patch only super users will be able to modify user profiles of other users.
Admin users will have read only access.

@rszwajko rszwajko mentioned this pull request Sep 29, 2022
Merged
@rszwajko
Copy link
Member Author

/ost

sgratch
sgratch reviewed Sep 30, 2022
View reviewed changes
Copy link
Member

@sgratch sgratch left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rszwajko LGTM
The only missing part is handling the UI side for the new account settings tab by displaying a popup error message in case of a non superuser trying to delete for someone else, e.g.

image

@sgratch sgratch added the UX label Oct 1, 2022
@rszwajko
Copy link
Member Author

rszwajko commented Oct 4, 2022

@sgratch
Similar as other errors on this screen this is handled by the notifications system (see below)
image

@rszwajko
Copy link
Member Author

rszwajko commented Oct 4, 2022

The functionality can be tested without PR #130 via REST API

curl -v \
--request DELETE \
--header 'Version: 4' \
--header 'Accept: application/xml' --header 'Content-Type: application/xml' \
--user "adminNotSuperUser@internal:password" \
{server}/ovirt-engine/api/users/{other_user_id}/options/{some_option_id}

Example result:

<fault>
    <detail>[User is not authorized to perform this action.]</detail>
    <reason>Operation Failed</reason>
</fault>

@rszwajko rszwajko marked this pull request as ready for review October 4, 2022 16:36
@rszwajko rszwajko requested a review from sjd78 October 4, 2022 16:37
@sgratch
Copy link
Member

sgratch commented Oct 6, 2022

@rszwajko other such errors of "User is not authorized to perform this action" generated by the Administration->Users dialog are displayed using a popup error message. Why not running the same for this new tab?

@rszwajko
Copy link
Member Author

rszwajko commented Oct 6, 2022

@sgratch

other such errors of "User is not authorized to perform this action" generated by the Administration->Users dialog are displayed using a popup error message. Why not running the same for this new tab?

This comment applies to error handling in PR #130. In March we discussed this topic and apart of wording there were no issues raised.
In Web Admin we have either default (generic) error handlers or custom handlers. On the screen added in PR #130 we are using a custom error handler.

sgratch
sgratch reviewed Oct 6, 2022
View reviewed changes
Copy link
Member

@sgratch sgratch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rszwajko comments regarding the tests, except that LGTM

@rszwajko rszwajko force-pushed the superUserModify branch 2 times, most recently from 1f4af9f to 13a5850 Compare October 12, 2022 13:02
@rszwajko
Copy link
Member Author

/ost

@rszwajko
Copy link
Member Author

/ost

@sgratch sgratch merged commit f759f54 into oVirt:master Oct 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljelinkova ljelinkova ljelinkova approved these changes

@sgratch sgratch sgratch approved these changes

@ahadas ahadas Awaiting requested review from ahadas ahadas is a code owner

@bennyz bennyz Awaiting requested review from bennyz bennyz is a code owner

@emesika emesika Awaiting requested review from emesika emesika is a code owner

@mwperina mwperina Awaiting requested review from mwperina mwperina is a code owner

@michalskrivanek michalskrivanek Awaiting requested review from michalskrivanek michalskrivanek is a code owner

@oliel oliel Awaiting requested review from oliel

@smelamud smelamud Awaiting requested review from smelamud smelamud is a code owner

@didib didib Awaiting requested review from didib didib is a code owner

@sjd78 sjd78 Awaiting requested review from sjd78

Assignees

@rszwajko rszwajko

Labels
UX
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rszwajko @sgratch @ljelinkova