ocket8888 opened a new pull request #4004: Make /deliveryservice_stats accessible to read-only users
URL: https://github.com/apache/trafficcontrol/pull/4004

## What does this PR (Pull Request) do?

- [x] This PR fixes #3759

This changes the required Role for a `GET` request to `/deliveryservice_stats` to "Read-Only", down from "Operations". Though the Perl handler explicitly checked for the "Operations" (or "Admin") Role, it would override any and all Role checking when the Delivery Service was assigned to the requesting user. The result is that existing users of possibly as low as the "Read-Only" Role expect access to this endpoint. Since the plan is to transition from assigning users to Delivery Services to using Tenancy for such management, the rewrite uses Tenancy and ignores user-to-Delivery Service assignments. Furthermore, because Tenancy and Roles are totally orthogonal checks, the access role must be relaxed to allow users to continue using the endpoint as they are used to.

This PR also includes documentation updates, and fixes for problems that exist in the documentation not related to this PR, and modifies CDN-in-a-Box's configuration to enable InfluxDB connections by default.

## Which Traffic Control components are affected by this PR?

- CDN in a Box
- Documentation
- Traffic Ops

Handling logic is not being changed, so no additional tests are required

## What is the best way to verify this PR?

- Build and install Traffic Ops from this revision (probably using CDN-in-a-Box, up to you)
- Run Traffic Ops
- Log in (via API or a connected Traffic Portal) as a user with Read-Only permissions (user may need to be created if using CiaB)
- Make a `GET` request to `/api/1.2/deliveryservice_stats`
- Observe that user permissions are not denied.

Handling logic is not being changed, so no additional tests are required

## The following criteria are ALL met by this PR

- [x] I have explained why tests are unnecessary
- [x] This PR includes documentation
- [x] An update to CHANGELOG.md is not necessary
- [x] This PR includes any and all required license headers
- [x] This PR does not include a database migration
- [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY**
