]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 53aefaa)
mgr/dashboard: Revoke read-only user's access to Manager modules 40650/head
authorNizamudeen A <nia@redhat.com>
Tue, 6 Apr 2021 15:54:51 +0000 (21:24 +0530)
committerNizamudeen A <nia@redhat.com>
Mon, 26 Apr 2021 09:13:31 +0000 (14:43 +0530)
This will disable read only user to read/open Manager Modules page in
Ceph Dashboard where some of the security related informations are
shown.

Fixes: https://tracker.ceph.com/issues/50174
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit fb607f1561371340d2c9d4e16c4eaceb365fd926)

Conflicts:
src/pybind/mgr/dashboard/services/access_control.py
   - Some of the changes are not backported because those features are
     not implemented on nautilus. So I left them as it is

src/pybind/mgr/dashboard/services/access_control.py patch | blob | history

diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
index 4a09991a9e67cba48c7f992d6efc1450d3b794a7..64d1e7967c542971be3f681dcb91b53f8a228be6 100644 (file)
--- a/src/pybind/mgr/dashboard/services/access_control.py
+++ b/src/pybind/mgr/dashboard/services/access_control.py
@@ -114,7 +114,7 @@ ADMIN_ROLE = Role('administrator', 'Administrator', {
 # read-only role provides read-only permission for all scopes
 READ_ONLY_ROLE = Role('read-only', 'Read-Only', {
     scope_name: [_P.READ] for scope_name in Scope.all_scopes()
-    if scope_name != Scope.DASHBOARD_SETTINGS
+    if scope_name not in (Scope.DASHBOARD_SETTINGS, Scope.CONFIG_OPT)
 })
 
 
Unnamed repository; edit this file 'description' to name the repository.