search

openbmc / webui-vue

Web-based user interface built on Vue.js for managing OpenBMC systems
https://openbmc.github.io/webui-vue/
Apache License 2.0
52 stars 55 forks source link

Hide SOL Console Button on Overview Based on User Privilege #124

Open FarahRasheed1 opened 2 months ago

FarahRasheed1 commented 2 months ago

Describe the bug

The SOL (Serial Over LAN) console button is currently visible to all users on the Overview screen, regardless of their privilege level. This can lead to unauthorized access to the SOL console.

To Reproduce Steps to reproduce the behavior:

  1. Log in to the system with a user account that does not have the necessary privileges for accessing the SOL console (privilege role of operator or read only).
  2. Navigate to the 'Overview' screen.
  3. Observe that the SOL console button is visible and accessible.

Expected behavior

The SOL console button should be conditionally rendered in the Overview page based on user privilege. Only users with the appropriate permissions should see and access this button. This ensures that unauthorized users cannot access the SOL console functionality.

Screenshots

image

Additional context

This bug affects the visibility of the SOL console button in the OverviewQuickLinks component. Proper privilege checks should be implemented to control access to this functionality.

FarahRasheed1 commented 2 months ago

Bench Test Results:

The SOL console button is visible to admin users:

PostFixBenchTestAdministratorPrivelege

The SOL console button is hidden from non-admin users:

PostFixBenchTestNonAdministratorPrivelege