Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15928

Hide/disable/dim menus and buttons in UI based on user permissions



    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Admin UI, security
    • None


      In SOLR-15776 we laid the foundation for authorization permission checks in UI by returning  logged in permissions in /admin/system/info and adding a permissions.js file and a isPermitted() method to the admin UI.

      In this Jira we'll use this to decorate various parts of the UI so less privileged user won't get lots of 403 errors when clicking around. Here are some proposals:

      • Grey out and disable Cloud/Tree and Cloud/Graph menus if user does not have ZK_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
      • Grey out and disable Cloud/Nodes if user does not have METRICS_READ permission. Alternatively (and perhaps better), adjust cloud.js so that it will not attempt fetching /admin/metrics at all, and instead return N/A or something for disk space, QPS etc.
      • Grey out and disable Threads menu if user does not have METRICS_READ_PERM. Add a mouseover tooltip saying "You lack required role(s) for this"
      • Grey out and disable "Add Collection" button if user lacks COLLECTION_EDIT_PERM and "Add Core" button if user lacks CORE_EDIT_PERM. Add tooltip
      • In Cores/Tree (cloud.html/cloud.js), we have already made clicking /security.json a NOOP if user lacks SECURITY_READ_PERM. However it would be nice if the right panel could display a helpful text.
      • Other screens, as suggested by https://docs.google.com/spreadsheets/d/1s2xokDxw9IkXr7ZA5n06RPDj6EwvpbsZ7zUeKpvRC3Q/edit#gid=0


        Issue Links



              Unassigned Unassigned
              janhoy Jan Høydahl
              0 Vote for this issue
              1 Start watching this issue