uwrit / leaf

Leaf Clinical Data Explorer
https://www.youtube.com/watch?v=ZuKKC7B8mHI

How would I configure a single-user "demo" instance without admin powers? #492

Open jnothman opened 2 years ago

jnothman commented 2 years ago

I want to be able to run a demo of Leaf with a non-admin user, without setting up an identity service provider. This allows us to demo the Leaf functionality without exposing the entire database. What would be the easiest way to do this?

(My first attempt, dropping the "admin" claim from the Claims field of the admin user in auth.Login didn't work.)

jnothman commented 2 years ago

Found it! https://github.com/uwrit/leaf/blob/35705a4be0657a7bf4a662621bf0141a05fe7e18/src/server/API/Authorization/UnsecureEntitlementProvider.cs#L24

ndobb commented 2 years ago

Yes, that's where I would start as well, @jnothman. If you run into other issues with this please let us know.

jnothman commented 2 years ago

We've currently managed to hack this to give a basic user on the basis of an environment variable: https://github.com/ElevnLi/leaf/pull/3/commits/247cf0064ead8abc7794aaa56ecc65fa09a5184c

Ideally we'd control this from appsettings.json.

ndobb commented 2 years ago

Nice work @ElevnLi and @jnothman! We'd love to work these changes in upstream.

How about adding in something like:

"Authorization": {
    "Mechanism": "UNSECURED",
    "AllowAllAuthenticatedUsers": true,
    "UnsecuredIsAdmin": false,
    ...

jnothman commented 2 years ago

Happy for that config, we just needed a quick fix for a demo. :)

ndobb commented 2 years ago

@jnothman I'll work that into our next minor release, seems very straightforward.