Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-480

Need access control on REST API based on permission model

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.5.0
    • Fix Version/s: 0.5.0
    • Component/s: admin
    • Labels:
      None

      Description

      Need to put access control on REST API
      If a non-admin user has no permission to a particular module say "Audit" but the group to which he belongs has permission that module, then give access to that non-admin user. User permissions is a union of his and his group permissions.

      Use-cases to be covered:
      Get AuditLogs (user-with-no-permission) GET service/assets/accessAudit
      Update user permission (non-admin) POST service/xusers/permission/user
      Update group permission (non-admin) POST service/xusers/permission/group

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pradeep.agrawal Pradeep Agrawal
                Reporter:
                gautamborad Gautam Borad
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: