[jira] [Commented] (SOLR-15825) Permission "all" should include "security-edit"

Thu, 02 Dec 2021 08:04:07 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-15825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452479#comment-17452479
 ] 

ASF subversion and git services commented on SOLR-15825:
--------------------------------------------------------

Commit f49734e5f73b693cc20e8718b3a98f0595087fda in solr's branch 
refs/heads/main from Timothy Potter
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=f49734e ]

SOLR-15825: Security UI 'hasPermission' check should check if the user has the 
all permission if the requested permission is not defined (#437)



> Permission "all" should include "security-edit"
> -----------------------------------------------
>
>                 Key: SOLR-15825
>                 URL: https://issues.apache.org/jira/browse/SOLR-15825
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI, Authorization, Security UI
>    Affects Versions: 8.10, 8.11, 8.10.1
>            Reporter: Isabelle Giguere
>            Assignee: Timothy Potter
>            Priority: Minor
>             Fix For: 8.11.1
>
>         Attachments: security.json
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> With basic authentication and rule-based authorization, a user with 
> permission "all" does not have access to the Security panel in the UI.
> Refer to the security.json attached. (credentials: admin/admin)
> The UI displays message : "You do not have permission to view the security 
> panel."
> Workaround:  add permissions "security-edit" and "security-read" to the role 
> (before "all").
> According to [~thelabdude], this is an issue in the UI only:
> {quote}
> this is a bug in the security UI only (not the backend),
> specifically right here:
> https://urldefense.com/v3/__https://github.com/apache/solr/blob/main/solr/webapp/web/js/angular/controllers/security.js*L344__;Iw!!Obbck6kTJA!L1x2jPaH5Hj7OSGuRO9kR5aHJK0h4ekxPfpNGckK9JglMRyaomgDN8ikSeW5f96k$
>  .
> {quote}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to