[ https://issues.apache.org/jira/browse/SOLR-13364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16808850#comment-16808850 ]
Jan Høydahl commented on SOLR-13364: ------------------------------------ Feel free to whip up a patch. I have no immediate plan to start on this one. > Make Admin UI aware of logged-in users permissions > -------------------------------------------------- > > Key: SOLR-13364 > URL: https://issues.apache.org/jira/browse/SOLR-13364 > Project: Solr > Issue Type: New Feature > Security Level: Public(Default Security Level. Issues are Public) > Components: Admin UI, Authentication, Authorization, security > Reporter: Jan Høydahl > Priority: Major > > We should aim to add fine-grained permission checks to the UI. One way to do > this is to add a new REST-endpoint {{/admin/login/whoami}} that is always > open for all, and that responds with a JSON with current user's permissions. > If no user is logged in it will respond with empty list and "No user logged > in". Else it will respond with e.g. > {code:java} > { "user": "john", "roles": ["superuser", "searcher"], "permissions": > ["security-edit", "collectionadmin"...] }{code} > The Admin UI can then request this endpoint and cache the info, so that it > may make decisions to hide/grey out certain menu options throughout the UI. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org