[ZEPPELIN-4458] All users can change any notebooks' Note Permissions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.8.2
Fix Version/s: None
Component/s: NotebookRepo
Labels:
None

Description

Here is my `shiro.ini`:

[users]
admin = 123123, ADMIN
dev = 123123, DEV
viewer = 123123, VIEWER


[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true

sessionManager.sessionIdCookie = $cookie

securityManager.sessionManager = $sessionManager

securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
ADMIN = *
DEV = *
VIEWER = *

[urls]
/api/version = anon
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[ADMIN]
/api/configurations/** = authc, roles[ADMIN]
/api/credential/** = authc, roles[ADMIN]
/** = authc

I use admin to create a notebook and set `owner` to admin user and `reader` to viewer user. Then use viewer to read that notebook, permissions work except `Note Permissions` which viewer can change the `Note Permissions`...

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: archon gum

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Nov/19 06:33

Updated:: 21/Nov/19 06:43