[jira] [Commented] (SOLR-15928) Hide/disable/dim menus and buttons in UI based on user permissions

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/SOLR-15928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691597#comment-17691597
 ] 

ASF subversion and git services commented on SOLR-15928:
--------------------------------------------------------

Commit 5f6ddbf371eec97b3d6427a9a19dfea5b31f022b in solr's branch 
refs/heads/main from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=5f6ddbf371e ]

SOLR-15928 Dim add collection buttons in Admin UI when no permission (#1371)



> Hide/disable/dim menus and buttons in UI based on user permissions
> ------------------------------------------------------------------
>
>                 Key: SOLR-15928
>                 URL: https://issues.apache.org/jira/browse/SOLR-15928
>             Project: Solr
>          Issue Type: Improvement
>          Components: Admin UI, security
>            Reporter: Jan Høydahl
>            Assignee: Jan Høydahl
>            Priority: Major
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> In SOLR-15776 we laid the foundation for authorization permission checks in 
> UI by returning  logged in permissions in /admin/system/info and adding a 
> {{permissions.js}} file and a {{isPermitted()}} method to the admin UI.
> In this Jira we'll use this to decorate various parts of the UI so less 
> privileged user won't get lots of 403 errors when clicking around. Here are 
> some proposals:
>  * Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not 
> have ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) 
> for this"
>  * Grey out and disable Cloud/Nodes if user does not have METRICS_READ 
> permission. Alternatively (and perhaps better), adjust cloud.js so that it 
> will not attempt fetching /admin/metrics at all, and instead return N/A or 
> something for disk space, QPS etc.
>  * Grey out and disable Threads menu if user does not have METRICS_READ_PERM. 
> Add a mouseover tooltip saying "You lack required role(s) for this"
>  * Grey out and disable "Add Collection" button if user lacks 
> COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add 
> tooltip
>  * In Cores/Tree (cloud.html/cloud.js), we have already made clicking 
> {{/security.json}} a NOOP if user lacks SECURITY_READ_PERM. However it would 
> be nice if the right panel could display a helpful text.
>  * Other screens, as suggested by 
> https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org