Hi,

while the current web console is a great tool and has many great plugins, it comes with a problem: if someone has access to the console, this means full access, including performing any changes. However, many use cases are reading/introspecting the system and seeing if something is wrong.

So apart from the authentication support we have, I think we should add support for authorization. I'm wondering how we should do that?

The simplest approach would be to distinguish between two privileges, "read" and "write" (or however we name them), and plugins can find out whether the current user has these privileges and act accordingly. I'm wondering if we need more fine-grained privileges or more flexible ones, like allowing someone to modify configurations but not to change bundle states?

Apart from adding the notion of a user and finding out the privileges, this would also mean adjusting all plugins to use this information. If this new security feature is enabled (by default it would be off to have compatible behaviour to today), the web console could simply block all POST requests if the user does not have the "write" privilege, and a plugin needs a way to override this. (In some cases a POST is used for testing, like for the event admin plugin, so this might be fine etc.)

WDYT?

Regards
Carsten

--
Carsten Ziegeler
[email protected]
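
A minimal model of the gate proposed in the mail above, as an added example that is not code from the web console or from the original post. `Privilege`, `Plugin`, `postAllowedWithoutWrite` and `check` are hypothetical names; requiring "read" for any access and treating every method other than GET/HEAD as a write are assumptions that go slightly beyond the proposal.

```java
import java.util.EnumSet;
import java.util.Set;

public class ConsoleAuthzSketch {
    enum Privilege { READ, WRITE }

    /** Hypothetical plugin contract, not the web console's real plugin API. */
    interface Plugin {
        String label();
        /** Opt-in override: POST only runs a test action and changes no state. */
        default boolean postAllowedWithoutWrite() { return false; }
    }

    /** HTTP status the console would answer with before dispatching to the plugin. */
    static int check(boolean enabled, Set<Privilege> user, String method, Plugin plugin) {
        if (!enabled) return 200;                        // feature off: behaviour as today
        if (!user.contains(Privilege.READ)) return 403;  // assumption: no "read" means no access
        if (method.equals("GET") || method.equals("HEAD")) return 200;
        if (user.contains(Privilege.WRITE)) return 200;
        // Assumption: every other method counts as a write, not only POST.
        boolean override = method.equals("POST") && plugin.postAllowedWithoutWrite();
        return override ? 200 : 403;
    }

    static void show(String who, Set<Privilege> user, String method, Plugin plugin) {
        System.out.println(who + " " + method + " " + plugin.label() + " -> "
                + check(true, user, method, plugin));
    }

    public static void main(String[] args) {
        Plugin bundles = () -> "bundles";                // POST changes bundle state
        Plugin events = new Plugin() {                   // POST only sends a test event
            public String label() { return "events"; }
            public boolean postAllowedWithoutWrite() { return true; }
        };
        Set<Privilege> reader = EnumSet.of(Privilege.READ);
        Set<Privilege> admin = EnumSet.of(Privilege.READ, Privilege.WRITE);

        show("reader", reader, "GET", bundles);
        show("reader", reader, "POST", bundles);   // blocked: no "write", no override
        show("reader", reader, "POST", events);    // allowed through the plugin override
        show("reader", reader, "DELETE", events);  // override covers POST only
        show("admin", admin, "POST", bundles);
    }
}
```

Because the check runs before dispatch and denies by default, a plugin that has not been adjusted stays blocked for read-only users until it explicitly opts in.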
