Closed nlaprell closed 6 years ago
All the updated messages and hiding the search menu look good. I feel like the changes to the following files to check for is-search-user rather than is-wizard-user would allow a search user to call the end points (by pasting in the URL in the browser). Since those are used Edit config menu, should we be checking for is-wizard-user instead?
@cskeefer - Those three endpoints are actually GET endpoints and do not perform any CRUD operations. The search page uses them when selecting a database, query, and view to search, so if we validate against the wizard role, it breaks for the search user when searching.
In testing, I manually pasted in the crud page into the browser, and while it does display the interface, any CRUD operation on that page immediately throws a 401 as expected and no data is changed. Eventually, we should probably throw an error on the page and disable the forms, but it works as is right now.
@nlaprell got it, sounds good!