Solution Explorer provides the front door into the Integreatly initiative. It hosts the various Solution Patterns, as well as providing a dashboard of installed applications/products/services.
Apache License 2.0
APPDUX-113: Show unauthorized page if non-Admin accesses Settings #584
We removed the ability for non-Admins to get to the Settings page by disabling the settings cog in the masthead. This JIRA covers if a non-Admin attempts to get to the Settings page by typing the route in the URL, e.g. host/settings. We display a 'Permissions needed' screen with a button that allows them to go back to the home page.
Why
Prevent non-Admins from accessing the settings page. Note that this functionality is only for OpenShift 4, not OpenShift 3.
Verification Steps
If testing locally:
Run the code with yarn start:dev.
By default, you should have full Admin access because in demo mode, the OpenShift version is 3. Verify that you can click the Settings cog or use /settings to access the normal populated Settings page.
To force a dev user, aka non-admin rights, change the following lines to false:
masthead.js - ln 232
settings.js - ln 114
Verify that the Settings cog is not clickable and displays the descriptive tooltip.
Append your current host URL with /settings e.g. localhost:3006/settings.
Verify that the permissions needed screen is displayed vs the normal settings page.
If you have access to a cluster, you can test the code on a live server by pointing the solution explorer yml to the following docker image:
docker.io/mfrances17/dev-tutorial-web-app:latest
Checklist:
[x] Code has been tested locally by PR requester
[ ] Changes have been successfully verified by another team member
Progress
[x] Finished task
Additional Notes
Non-admin account logged in, Settings page accessed using /settings URL:
@tiffany as requested, changed button text to 'Go to home'. Also changed the same button text in the other empty state pages to be consistent - specifically, the congrats page and the error page.
Motivation
https://issues.redhat.com/browse/APPDUX-113
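An added example, not code from this PR or the project: one way to drive both the masthead cog and the /settings route from a single admin check, so the two places the verification steps touch cannot drift apart. The function names, the shape of the user object and the tooltip text are assumptions.

```javascript
// Added example: names, the user object shape and the tooltip text are
// hypothetical, not taken from the project's masthead.js or settings.js.
const ADMIN_ONLY_ROUTES = ['/settings'];

// Reduce anything typed into the address bar to a canonical path, so that
// '/Settings/', '//settings' and '/settings?tab=1#x' all hit the same check.
// Assumes the router matches case-insensitively and ignores trailing slashes.
function normalizePath(rawPath) {
  const pathOnly = String(rawPath).split(/[?#]/)[0];
  const collapsed = pathOnly.replace(/\/{2,}/g, '/').replace(/\/+$/, '');
  return (collapsed || '/').toLowerCase();
}

// The one policy both UI elements consult. Per the PR, the restriction applies
// on OpenShift 4 only; on OpenShift 3 (the demo-mode default) everyone passes.
function canAccessSettings(user) {
  if (Number(user.openshiftVersion) !== 4) return true;
  return user.isAdmin === true;
}

function isAdminOnly(path) {
  return ADMIN_ONLY_ROUTES.some((r) => path === r || path.startsWith(r + '/'));
}

// Route-level decision: which screen to render for a requested URL.
function resolveView(rawPath, user) {
  const path = normalizePath(rawPath);
  if (!isAdminOnly(path)) return { view: 'other', path };
  if (canAccessSettings(user)) return { view: 'settings', path };
  return { view: 'permissions-needed', path, button: { label: 'Go to home', to: '/' } };
}

// Masthead decision: the cog is derived from the same policy, never a second flag.
function settingsCogState(user) {
  const allowed = canAccessSettings(user);
  return {
    disabled: !allowed,
    tooltip: allowed ? null : 'Admin rights are required (constructed text)',
  };
}
```

Both checks run in the browser and only decide what is rendered; any API the Settings page calls needs its own admin check on the server.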