Feature #3486

expose origin of permission in perm dict for users

Added by Marcin Kuzminski [staff] over 3 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 14.04.2016
% Done: 0%

Description

Currently, when we build the permissions tree, there are multiple origins of permissions. It would be useful to know from where the user got a repository.read permission. During the big calculation we should store the origin of permissions in a separate dict so we can display it on the permissions summary page.

Example origin types:

  • explicit permissions on repo
  • permission inherited from user group
  • permissions inherited from default repo permissions
  • permissions inherited from global default permission.

This would allow checking whether some users have wrong user rights, by checking the origin.

Example: it's OK if a user has read that comes from an explicit assignment (one can go to that repo and change it), but it would be wrong if that read permission comes from the inherited global one. It would simply allow us to detect exceptions more nicely and improve security.

pasted_image_at_2016_06_03_09_51_pm.png (200 KB) Marcin Kuzminski [staff], 03.06.2016 21:03
History

#1 Updated by Marcin Kuzminski [staff] over 3 years ago

Example implementation. @arnaud, it could be useful to get an opinion from you on this.

#2 Updated by Arnaud GUT over 3 years ago

Hi Marcin,

This could be useful for me even if I've written a Python script that checks if the delegated admin respects the corporate security policy we have at Gemalto.

But, always the same thing ;-), the information you display is not explicit at all, for me at least. What does the strikethrough text mean for this?:
rhodecode-appenlight: repository.none(repo), repository.admin (usergroup:test), repository.none (default)
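
An added sketch (not RhodeCode code, and not the example implementation attached to this issue) of the idea in the feature description: calculate permissions while recording every candidate's origin in a separate dict, then flag access that exists only through the global default. The precedence rule, function names and sample data are assumptions.

```python
# Added illustration; not RhodeCode's implementation. All names are hypothetical.
LEVELS = ["repository.none", "repository.read", "repository.write", "repository.admin"]
# Assumed precedence, most specific origin first.
PRECEDENCE = ["explicit", "usergroup", "default_repo", "global_default"]


def calculate(user, repos, explicit, group_perms, memberships, repo_defaults, global_default):
    """Return (perms, origins): the effective permission per repo and, in a
    separate dict, every candidate as (permission, origin), effective one first."""
    perms, origins = {}, {}
    for repo in repos:
        found = []
        if (user, repo) in explicit:
            found.append((explicit[(user, repo)], "explicit"))
        for group in sorted(memberships.get(user, ())):
            if (group, repo) in group_perms:
                found.append((group_perms[(group, repo)], "usergroup:" + group))
        if repo in repo_defaults:
            found.append((repo_defaults[repo], "default_repo"))
        found.append((global_default, "global_default"))
        # Most specific origin wins; among equal origins the higher level wins.
        found.sort(key=lambda g: (PRECEDENCE.index(g[1].split(":")[0]), -LEVELS.index(g[0])))
        perms[repo] = found[0][0]
        origins[repo] = found
    return perms, origins


def inherited_from(perms, origins, origin_kind="global_default"):
    """Repos where the user holds real access (not .none) only via origin_kind."""
    return sorted(
        repo for repo, perm in perms.items()
        if perm != "repository.none" and origins[repo][0][1].split(":")[0] == origin_kind
    )


# Constructed sample data.
PERMS, ORIGINS = calculate(
    user="alice",
    repos=["docs", "payroll", "tools"],
    explicit={("alice", "docs"): "repository.read"},
    group_perms={("devs", "tools"): "repository.admin"},
    memberships={"alice": {"devs"}},
    repo_defaults={"tools": "repository.none"},
    global_default="repository.read",
)
```

With the constructed data, `inherited_from(PERMS, ORIGINS)` reports only `payroll`, the one repo where read access has no source other than the global default.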
