inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

web admin: CONFIGURATION_MAIN_READ role warning when using User Manager #5618

Open nqb opened 4 years ago

nqb commented 4 years ago

Describe the bug

When you log in as a User Manager and try to create a user, you get a warning about the CONFIGURATION_MAIN_READ role missing.

To Reproduce

Steps to reproduce the behavior:

  1. Log in with a User Manager user
  2. Try to create a user
config/base/guests_admin_registration: Unauthorized access, lacking the CONFIGURATION_MAIN_READ administrative role

Expected behavior

User Manager admin access should work without warnings.

Additional context

It seems that the frontend is calling /api/v1/config/base/guests_admin_registration when loading the page instead of /api/v1/current_user/allowed_user_access_durations. However, /api/v1/current_user/allowed_user_access_durations is correctly called when you add an "Access duration" action.

lzammit commented 4 years ago

Can we just add the CONFIGURATION_MAIN_READ?

nqb commented 4 years ago

@lzammit, that's not the right way to fix that issue from my point of view.

julsemaan commented 4 years ago

I've pushed a couple of related commits to user rights management; it should fix this, but @nqb said CONFIGURATION_MAIN_READ isn't the "right" way to fix it, so I'll leave this open, but this is technically fixed.

nqb commented 4 years ago

In my previous comment, I would like to mention that adding CONFIGURATION_MAIN_READ to User Managers provides wide access to configuration when it doesn't seem to be necessary (in application of PoLP).
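
The trade-off raised in the thread, as an added example that is not part of the original issue or PacketFence's code: it scores the two proposed fixes by which calls are still refused and which endpoints become readable without the view needing them. The `USERS_CREATE` action set, the `EXAMPLE_SECTION_*` endpoints, and the assumption that the `current_user` endpoint needs no admin action are constructed for illustration.

```javascript
// Added illustration. Only the first two endpoints and CONFIGURATION_MAIN_READ come from
// the issue; everything marked "constructed" is a placeholder, not PacketFence's real ACL.
const REQUIRED = {
  '/api/v1/config/base/guests_admin_registration': 'CONFIGURATION_MAIN_READ',
  '/api/v1/current_user/allowed_user_access_durations': null, // assumed: any logged-in admin
  '/api/v1/config/base/EXAMPLE_SECTION_A': 'CONFIGURATION_MAIN_READ', // constructed
  '/api/v1/config/base/EXAMPLE_SECTION_B': 'CONFIGURATION_MAIN_READ', // constructed
};
const USER_MANAGER = ['USERS_CREATE']; // constructed action set for the User Manager role
const CREATE_USER_VIEW = ['/api/v1/config/base/guests_admin_registration']; // call from the issue

// Calls the role is refused: these surface as the "Unauthorized access" warning.
function denied(actions, calls) {
  return calls.filter((ep) => REQUIRED[ep] && !actions.includes(REQUIRED[ep]));
}

// Every endpoint the action set can read.
function readable(actions) {
  return Object.keys(REQUIRED).filter((ep) => !REQUIRED[ep] || actions.includes(REQUIRED[ep]));
}

// Endpoints a fix newly opens that the view never calls: the excess privilege.
function excess(actionsAfter, callsAfter) {
  const before = new Set(readable(USER_MANAGER));
  return readable(actionsAfter).filter((ep) => !before.has(ep) && !callsAfter.includes(ep));
}

// Score both remediations discussed in the thread.
function evaluateFixes() {
  const fixes = {
    grantRole: { actions: [...USER_MANAGER, 'CONFIGURATION_MAIN_READ'], calls: CREATE_USER_VIEW },
    switchEndpoint: {
      actions: USER_MANAGER,
      calls: ['/api/v1/current_user/allowed_user_access_durations'],
    },
  };
  const report = {};
  for (const [name, fix] of Object.entries(fixes)) {
    report[name] = {
      denied: denied(fix.actions, fix.calls),
      excess: excess(fix.actions, fix.calls),
    };
  }
  return report;
}

console.log(JSON.stringify(evaluateFixes(), null, 2));
```

Both fixes clear the warning, but only `grantRole` reports a non-empty `excess` list.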

satkunas commented 3 years ago

Assigning @julsemaan and @nqb; changes required for the front-end are not defined. More discussion is needed.