Feature #11450
closedForbid creating job directories for users without permissions
100%
Description
Now a guest user (a new registered, for example) can create job directories. This should be forbidden until an admin grants the corresponding rights.
In general, all modifications must not be possible, without direct and clear granting the rights. A potential idea for implementation is to block new users from login. And after some aprove from an admin or granting some rights, they will be able to login.
There is also a minor problem with access to names of real jobs. So, one can not open a job without rights, but it can see its name in the parent directory.
Updated by Evgeny Novikov over 2 years ago
- Category set to Bridge
- Assignee set to Vladimir Gratinskiy
Updated by Vladimir Gratinskiy over 2 years ago
- Due date set to 03/01/2022
- Category deleted (
Bridge) - Status changed from New to Resolved
- Assignee deleted (
Vladimir Gratinskiy) - % Done changed from 0 to 100
Implemented in branch "bridge-11450". To set user active/inactive admin should go to "Admin tools"-> "Users" -> Select user -> change "Active" -> "Save".
Updated by Vladimir Gratinskiy over 2 years ago
- Category set to Bridge
- Assignee set to Vladimir Gratinskiy
Updated by Evgeny Novikov over 2 years ago
- Status changed from Resolved to Open
- Names of (preset) job directories without any visible jobs, so that activated users will see nothing at the jobs tree page.
- Marks until at least one minor right, say to observe a certain job, will be added to a new user.
I suggest to think about further considerable restrictions if necessary within a dedicated task #10828.
Updated by Evgeny Novikov over 2 years ago
- Related to Feature #10828: Suggest new access scheme added
Updated by Evgeny Novikov over 2 years ago
- Status changed from Open to Closed
After all Vladimir supported the new way for granting access to new users. First of all, new users should be activated by the administrator (existing users will be automatically activated after updating Klever), then somebody should grant them some accesses either globally (this is a responsibility of the administrator again) or for particular jobs (unless some jobs already have an access for all users). Otherwise, new users won't be able to login.
I merged the branch to master in 0a0456edb.