Feature #3486
open
expose origin of permission in perm dict for users
0%
Description
Currently, when we build the permissions tree, there are multiple origins of permissions. It would be useful to know from where the user got a repository.read permission. During the big calculation we should store the origin of permissions in a separate dict so we can display it in the permissions summary page.
example origin types:
- explicit permissions on repo
- permission inherited from user group
- permissions inherited from default repo permissions
- permissions inherited from global default permission.
This would allow us to check whether some users have wrong user rights, by checking the origin.
Example: it's OK if a user has read that comes from an explicit assignment (one can go to that repo and change it), but it would be wrong if that read permission comes from the inherited global one. It would simply allow us to detect exceptions more nicely and improve security.
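A sketch of the idea in the description, added here as an illustration and not taken from RhodeCode's code: the calculation keeps a second dict recording which origin produced each permission, and an audit helper flags read-or-higher access that is won by the global default. The function names, the grant tuple layout and the precedence order (explicit over user group over repo default over global default) are assumptions.

```python
# Added illustration: names, data layout and precedence are assumptions,
# not RhodeCode's implementation.
PERM_WEIGHT = {"repository.none": 0, "repository.read": 1,
               "repository.write": 2, "repository.admin": 3}
# Least to most specific; a more specific origin overrides a less specific one.
ORIGIN_ORDER = ("global_default", "repo_default", "usergroup", "explicit")

def origin_label(grant, user, groups, repo):
    """Return the origin label if this grant applies to user/repo, else None."""
    kind, subject, grant_repo, _perm = grant
    if kind == "global_default":
        return kind
    if grant_repo != repo:
        return None
    if kind == "repo_default":
        return kind
    if kind == "usergroup" and subject in groups:
        return "usergroup:" + subject
    if kind == "explicit" and subject == user:
        return kind
    return None

def calculate(user, groups, repos, grants):
    """Return (perms, origins); origins[repo] lists every (perm, origin) that
    applied, in evaluation order, so the last entry is the one that won."""
    perms, origins = {}, {}
    for repo in repos:
        trail = []
        for kind in ORIGIN_ORDER:
            hits = [(g[3], origin_label(g, user, groups, repo))
                    for g in grants if g[0] == kind]
            hits = [h for h in hits if h[1] is not None]
            # Within one origin type the highest permission wins (assumed).
            trail.extend(sorted(hits, key=lambda h: PERM_WEIGHT[h[0]]))
        perms[repo] = trail[-1][0] if trail else "repository.none"
        origins[repo] = trail
    return perms, origins

def inherited_from_global(perms, origins):
    """Repos where read or higher access is won by the global default."""
    return sorted(r for r, trail in origins.items()
                  if trail and trail[-1][1] == "global_default"
                  and PERM_WEIGHT[perms[r]] >= PERM_WEIGHT["repository.read"])

# Constructed sample data: (origin type, subject, repo, permission).
GRANTS = [("global_default", None, None, "repository.read"),
          ("repo_default", None, "docs", "repository.none"),
          ("usergroup", "devs", "app", "repository.write"),
          ("explicit", "alice", "app", "repository.read")]
PERMS, ORIGINS = calculate("alice", {"devs"}, ["app", "docs", "legacy"], GRANTS)
```

With the constructed data, alice's read on `app` comes from the explicit assignment, while her read on `legacy` is reported by `inherited_from_global` because only the global default applies there.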
Updated by Marcin Kuzminski [CTO] over 8 years ago
example implementation, @arnaud, could be useful to get an opinion from you on this.
Updated by Arnaud GUT over 8 years ago
Hi Marcin,
This could be useful for me even if I've written a Python script that checks if the delegated admin respects the corporate security policy we have at Gemalto.
But, always the same thing ;-), the information you display is not explicit at all, for me at least. What does the strikethrough text mean for this?:
rhodecode-appenlight: repository.none(repo), repository.admin (usergroup:test), repository.none (default)