Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update freeradius ACL #4588

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update freeradius ACL #4588

wants to merge 4 commits into from

Conversation

burghy86
Copy link

add permission for users and log

@burghy86
Update ACL.xml
d61414b 
add permission for users and log
@burghy86 burghy86 changed the title Update ACL.xml Update freeradius ACL Mar 12, 2025
burghy86 added 3 commits March 12, 2025 16:14
@burghy86
Update ACL.xml
bf4490f 
fix add api pattern
@burghy86
Update ACL.xml
808d566 
fix log api
@burghy86
Update ACL.xml
c7dafbd 
delete acl log. not work for my limit
users work perfectly
mimugmail
mimugmail approved these changes Mar 12, 2025
View reviewed changes
Copy link
Member

@mimugmail mimugmail left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, thx

@fichtner fichtner self-assigned this Mar 12, 2025
@fichtner
Copy link
Member

I'm not sure this is a good idea, especially since the API endpoint pattern still allows all manipulation. CC @AdSchellevis

@burghy86
Copy link
Author

I'm not sure this is a good idea, especially since the API endpoint pattern still allows all manipulation. CC @AdSchellevis

I have created a reception user who should only be able to create and delete guest WiFi users. As of now, I can only grant permissions for the entire FreeRADIUS plugin, but it's not granular. This way, they can only see the users and won't cause any issues. It may not be the best method, but it seems the most logical one since other plugins already use the same user permission system.

@AdSchellevis
Copy link
Member

Not a good idea indeed as it suggests a granularity that simply doesn't exist which means someone will open a ticket or cve for a security concern rather sooner than later.

@burghy86
Copy link
Author

Not a good idea indeed as it suggests a granularity that simply doesn't exist which means someone will open a ticket or cve for a security concern rather sooner than later.

i'm not a expert. sorry.i will wait a solution for a real programmer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mimugmail mimugmail mimugmail approved these changes

Assignees

@fichtner fichtner

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@burghy86 @fichtner @AdSchellevis @mimugmail