Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Central Server permissions #1900

Merged
merged 5 commits into from
Dec 19, 2023
Merged

fix: Central Server permissions #1900

merged 5 commits into from
Dec 19, 2023

Conversation

mikkbachmann
Copy link
Contributor

In this PR I fixed Security Officer permissions on the Settings tab and also made some viewing permissions more consistent between roles.

refs: XRDDEV-2543

@mikkbachmann mikkbachmann changed the base branch from develop to release-7.4 December 13, 2023 17:11
@mikkbachmann mikkbachmann requested review from a team, ovidijusnortal, enelir and andresrosenthal and removed request for a team, ovidijusnortal and enelir December 13, 2023 17:11
andresrosenthal
andresrosenthal reviewed Dec 15, 2023
View reviewed changes
src/central-server/admin-service/application/src/main/resources/permissions.yml Outdated
- VIEW_EXTERNAL_CONFIGURATION_SOURCE: [ XROAD_SYSTEM_ADMINISTRATOR, XROAD_SECURITY_OFFICER ]
- GENERATE_SOURCE_ANCHOR: [ XROAD_SECURITY_OFFICER ]
- DOWNLOAD_SOURCE_ANCHOR: [ XROAD_SECURITY_OFFICER ]
- UPLOAD_CONFIGURATION_PART: [ XROAD_SECURITY_OFFICER, XROAD_REGISTRATION_OFFICER ]
- UPLOAD_CONFIGURATION_PART: [ XROAD_SECURITY_OFFICER ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this line is missing XROAD_SYSTEM_ADMINISTRATOR role.
According to spec upload & download should both have XROAD_SYSTEM_ADMINISTRATOR & XROAD_SECURITY_OFFICER roles

src/central-server/admin-service/application/src/main/resources/permissions.yml Outdated
- ADD_MEMBER_CLASS: [ XROAD_SYSTEM_ADMINISTRATOR ]
- EDIT_MEMBER_CLASS: [ XROAD_SYSTEM_ADMINISTRATOR ]
- DELETE_MEMBER_CLASS: [ XROAD_SYSTEM_ADMINISTRATOR ]
- VIEW_MEMBER_CLASSES: [ XROAD_SECURITY_OFFICER, XROAD_SYSTEM_ADMINISTRATOR ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to spec, CRUD operations regarding member classes should be allowed to XROAD_SECURITY_OFFICER only.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@andresrosenthal andresrosenthal self-requested a review December 18, 2023 13:05
@mikkbachmann mikkbachmann merged commit 0067891 into release-7.4 Dec 19, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andresrosenthal andresrosenthal andresrosenthal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mikkbachmann @andresrosenthal