[ https://issues.apache.org/jira/browse/KYLIN-3199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16351220#comment-16351220 ]

Peng Xing commented on KYLIN-3199:
----------------------------------

Hi [~Zhixiong Chen], I analyzed the backend security code and found that the
two roles 'ROLE_MODELER' and 'ROLE_ANALYST' have been abandoned; only the
'ROLE_MODELER' role, which is the administrator role, is retained, and other
users are controlled by permission.
Secondly, I analyzed the client header menu; they are all controlled through
'userService.isAuthorized()', as follows:

{code:java}
<li class="{{activeTab=='query'?'purple':'green'}}" ng-if="userService.isAuthorized()">
  <a href="query">Insight</a>
</li>
<li class="{{activeTab=='models'?'purple':'green'}}" ng-if="userService.isAuthorized()">
  <a href="models">Model</a>
</li>
<li class="{{activeTab=='jobs'?'purple':'green'}}" ng-if="userService.isAuthorized()">
  <a href="jobs">Monitor</a>
</li>
<li class="{{activeTab=='admin'?'purple':'green'}}" ng-if="userService.hasRole('ROLE_ADMIN')">
  <a href="admin">System</a>
</li>
<li class="{{activeTab=='dashboard'?'purple':'green'}}" ng-if="userService.isAuthorized() && isShowDashboard">
  <a href="dashboard">Dashboard</a>
</li>
{code}

So I updated my patch, please review, thanks!

> The login dialog should be closed when ldap user with no permission login 
> correctly
> -----------------------------------------------------------------------------------
>
>                 Key: KYLIN-3199
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3199
>             Project: Kylin
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: v2.3.0
>            Reporter: Peng Xing
>            Assignee: Peng Xing
>            Priority: Minor
>              Labels: patch
>         Attachments: 
> 0001-KYLIN-3199-The-login-dialog-should-be-closed-when-ld.patch, 
> ldap_user_login.png
>
>
> 1. Open ldap authentication, but I do not give the admin permission to group
> 'xpGroup';
> 2. Create a ldap user 'xp', who belongs to group 'xpGroup', so this user has
> no permission.
> 3. When user 'xp' logs in, the above bar is shown and enabled, but
> the login dialog is still shown.
> 4. Then you can click any button on the above bar.
> Please refer to 'ldap_user_login.png'.
> I think the login dialog should be closed when you log in correctly, and
> redirect to the 'Model' page, but this user has no permission.
> I have modified this issue, please review the patch, thanks!


