Jan Høydahl created SOLR-13364: ---------------------------------- Summary: Make Admin UI aware of logged-in users permissions Key: SOLR-13364 URL: https://issues.apache.org/jira/browse/SOLR-13364 Project: Solr Issue Type: New Feature Security Level: Public (Default Security Level. Issues are Public) Components: Authorization, Admin UI, Authentication, security Reporter: Jan Høydahl
We should aim to add fine-grained permission checks to the UI. One way to do this is to add a new REST-endpoint {{/admin/login/whoami}} that is always open for all, and that responds with a JSON with current user's permissions. If no user is logged in it will respond with empty list and "No user logged in". Else it will respond with e.g. {code:java} { "user": "john", "roles": ["superuser", "searcher"], "permissions": ["security-edit", "collectionadmin"...] }{code} The Admin UI can then request this endpoint and cache the info, so that it may make decisions to hide/grey out certain menu options throughout the UI. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org