Feature #11450
closed
Forbid creating job directories for users without permissions
Added by Pavel Andrianov over 2 years ago.
Updated over 2 years ago.
Description
Now a guest user (a new registered, for example) can create job directories. This should be forbidden until an admin grants the corresponding rights.
In general, all modifications must not be possible, without direct and clear granting the rights. A potential idea for implementation is to block new users from login. And after some aprove from an admin or granting some rights, they will be able to login.
There is also a minor problem with access to names of real jobs. So, one can not open a job without rights, but it can see its name in the parent directory.
Related issues
1 (1 open — 0 closed)
- Category set to Bridge
- Assignee set to Vladimir Gratinskiy
- Due date set to 03/01/2022
- Category deleted (
Bridge)
- Status changed from New to Resolved
- Assignee deleted (
Vladimir Gratinskiy)
- % Done changed from 0 to 100
Implemented in branch "bridge-11450". To set user active/inactive admin should go to "Admin tools"-> "Users" -> Select user -> change "Active" -> "Save".
- Category set to Bridge
- Assignee set to Vladimir Gratinskiy
- Status changed from Resolved to Open
We revealed some extra things to hide:
- Names of (preset) job directories without any visible jobs, so that activated users will see nothing at the jobs tree page.
- Marks until at least one minor right, say to observe a certain job, will be added to a new user.
I suggest to think about further considerable restrictions if necessary within a dedicated task #10828.
- Status changed from Open to Closed
After all Vladimir supported the new way for granting access to new users. First of all, new users should be activated by the administrator (existing users will be automatically activated after updating Klever), then somebody should grant them some accesses either globally (this is a responsibility of the administrator again) or for particular jobs (unless some jobs already have an access for all users). Otherwise, new users won't be able to login.
I merged the branch to master in 0a0456edb.
Also available in: Atom
PDF