hi all,
The Zeppelin 0.7.0 enabled user to secure interpreter setting, credentials
and configurations info by shiro.
If you remove the following notes in shiro.ini:
[
#/api/interpreter/** = authc, roles[admin]
#/api/configurations/** = authc, roles[admin]
#/api/credential/** = authc, roles[admin]
]
but the other users without role of admin also can click the interpreter
setting, credentials and configurations, and it refuse those users.
So why not set the setting invisible to the users without role of admin
instead of refusing to visit when click the settings ?
