Project

General

Profile

Actions

Feature #11450

closed

Forbid creating job directories for users without permissions

Added by Pavel Andrianov almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Urgent
Category:
Bridge
Target version:
Start date:
03/01/2022
Due date:
03/01/2022
% Done:

100%

Estimated time:
Published in build:

Description

Now a guest user (a new registered, for example) can create job directories. This should be forbidden until an admin grants the corresponding rights.

In general, all modifications must not be possible, without direct and clear granting the rights. A potential idea for implementation is to block new users from login. And after some aprove from an admin or granting some rights, they will be able to login.

There is also a minor problem with access to names of real jobs. So, one can not open a job without rights, but it can see its name in the parent directory.


Related issues 1 (1 open0 closed)

Related to Klever - Feature #10828: Suggest new access schemeNew04/29/2021

Actions
Actions #1

Updated by Evgeny Novikov almost 3 years ago

  • Category set to Bridge
  • Assignee set to Vladimir Gratinskiy
Actions #2

Updated by Vladimir Gratinskiy almost 3 years ago

  • Due date set to 03/01/2022
  • Category deleted (Bridge)
  • Status changed from New to Resolved
  • Assignee deleted (Vladimir Gratinskiy)
  • % Done changed from 0 to 100

Implemented in branch "bridge-11450". To set user active/inactive admin should go to "Admin tools"-> "Users" -> Select user -> change "Active" -> "Save".

Actions #3

Updated by Vladimir Gratinskiy almost 3 years ago

  • Category set to Bridge
  • Assignee set to Vladimir Gratinskiy
Actions #4

Updated by Evgeny Novikov almost 3 years ago

  • Status changed from Resolved to Open
We revealed some extra things to hide:
  • Names of (preset) job directories without any visible jobs, so that activated users will see nothing at the jobs tree page.
  • Marks until at least one minor right, say to observe a certain job, will be added to a new user.

I suggest to think about further considerable restrictions if necessary within a dedicated task #10828.

Actions #5

Updated by Evgeny Novikov almost 3 years ago

Actions #6

Updated by Evgeny Novikov almost 3 years ago

  • Status changed from Open to Closed

After all Vladimir supported the new way for granting access to new users. First of all, new users should be activated by the administrator (existing users will be automatically activated after updating Klever), then somebody should grant them some accesses either globally (this is a responsibility of the administrator again) or for particular jobs (unless some jobs already have an access for all users). Otherwise, new users won't be able to login.

I merged the branch to master in 0a0456edb.

Actions

Also available in: Atom PDF