[jira] [Commented] (SOLR-15825) Permission "all" should include "security-edit"

Thu, 02 Dec 2021 08:11:37 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-15825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17452482#comment-17452482
 ] 

ASF subversion and git services commented on SOLR-15825:
--------------------------------------------------------

Commit 0a6b58b71d09c5a6a3aa72742f3cd0e9d1ad72b5 in lucene-solr's branch 
refs/heads/branch_8_11 from Timothy Potter
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=0a6b58b ]

SOLR-15825: Security UI 'hasPermission' check should check if the user has the 
all permission if the requested permission is not defined (#437) (#2620)



> Permission "all" should include "security-edit"
> -----------------------------------------------
>
>                 Key: SOLR-15825
>                 URL: https://issues.apache.org/jira/browse/SOLR-15825
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI, Authorization, Security UI
>    Affects Versions: 8.10, 8.11, 8.10.1
>            Reporter: Isabelle Giguere
>            Assignee: Timothy Potter
>            Priority: Minor
>             Fix For: main (9.0), 8.11.1
>
>         Attachments: security.json
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> With basic authentication and rule-based authorization, a user with 
> permission "all" does not have access to the Security panel in the UI.
> Refer to the security.json attached. (credentials: admin/admin)
> The UI displays message : "You do not have permission to view the security 
> panel."
> Workaround:  add permissions "security-edit" and "security-read" to the role 
> (before "all").
> According to [~thelabdude], this is an issue in the UI only:
> {quote}
> this is a bug in the security UI only (not the backend),
> specifically right here:
> https://urldefense.com/v3/__https://github.com/apache/solr/blob/main/solr/webapp/web/js/angular/controllers/security.js*L344__;Iw!!Obbck6kTJA!L1x2jPaH5Hj7OSGuRO9kR5aHJK0h4ekxPfpNGckK9JglMRyaomgDN8ikSeW5f96k$
>  .
> {quote}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to