Description
In SOLR-15776 we laid the foundation for authorization permission checks in UI by returning logged in permissions in /admin/system/info and adding a permissions.js file and a isPermitted() method to the admin UI.
In this Jira we'll use this to decorate various parts of the UI so less privileged user won't get lots of 403 errors when clicking around. Here are some proposals:
- Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not have ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
- Grey out and disable Cloud/Nodes if user does not have METRICS_READ permission. Alternatively (and perhaps better), adjust cloud.js so that it will not attempt fetching /admin/metrics at all, and instead return N/A or something for disk space, QPS etc.
- Grey out and disable Threads menu if user does not have METRICS_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
- Grey out and disable "Add Collection" button if user lacks COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add tooltip
- In Cores/Tree (cloud.html/cloud.js), we have already made clicking /security.json a NOOP if user lacks SECURITY_READ_PERM. However it would be nice if the right panel could display a helpful text.
- Other screens, as suggested by https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0
Attachments
Issue Links
- requires
-
SOLR-15776 Make Admin UI play well with Authorization
-
- Closed
-
- links to
