[ZEPPELIN-987] Enable user to secure interpreter setting, credentials and configurations info#993
[ZEPPELIN-987] Enable user to secure interpreter setting, credentials and configurations info#993AhyoungRyu wants to merge 7 commits intoapache:masterfrom
Conversation
AhyoungRyu
force-pushed
the
ZEPPELIN-987
branch
2 times, most recently
from
a4d9dbf to
707527a
Compare
|
@AhyoungRyu is this still a work in progress ? Otherwise LGTM. |
|
@prabhjyotsingh No, I'm just waiting some reviews. I'm not sure that i understood your comment correctly,
I just wanted to make even if some users are already defined in |
|
I was thinking if all of these 3 Interpreter, Credentials, and Configuration menu can be hidden, like the way they are hidden in case of user not loggedin. |
|
@prabhjyotsingh Yeah it makes sense. It would be better. Let me figure out it then :) |
|
@AhyoungRyu If you can come to an implementation that fits @prabhjyotsingh good idea, it would be great if you could make it |
|
@echarles Yes. Thanks for your suggestion ! :) |
AhyoungRyu
changed the title
|
@AhyoungRyu Still working on this? |
AhyoungRyu
force-pushed
the
ZEPPELIN-987
branch
3 times, most recently
from
f2c6111 to
b215364
Compare
|
@prabhjyotsingh Sorry for my late response. Even if they don't have permission to those menus( |
|
Sure this will work. Thanks for the fix. |
| @@ -60,10 +60,14 @@ role2 = * | |||
| role3 = * | |||
|
|
|||
There was a problem hiding this comment.
Can you add one more role admin i.e. admin = * here, so that other user can also use that role.
|
@prabhjyotsingh Thanks for your feedback. I addressed it :) |
AhyoungRyu
changed the title
|
LGTM! |
|
@prabhjyotsingh i'll rebase after #1100 merged and add the alert message to credential page as well :) |
|
@prabhjyotsingh Since #1100 was merged into master, I updated |
|
Tested on both firefox and chrome. Works well. 👍 |
|
Merging this if no more discussion. |
… and configurations info ### What is this PR for? For some user cases, people might want to hide **Interpreter Setting**, **Credentials** and **Configurations** information to other users (who are defined in `conf/shiro.ini`). So I added ``` #/api/interpreter/** = authc, roles[admin] #/api/configurations/** = authc, roles[admin] #/api/credential/** = authc, roles[admin] ``` below the [ [urls] ](https://github.com/apache/zeppelin/blob/master/conf/shiro.ini#L38) section. This issue was originally suggested at [Zeppelin user mailing list](https://mail-archives.apache.org/mod_mbox/zeppelin-users/201606.mbox/%3CCAPgU7Y%3DBJrXQ_P0ond4PTukoya0FEjwoPuUb31iN3qwo8iyM1Q%40mail.gmail.com%3E) by TomNorden ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Add `interpreter`, `credential` and `configuration` url to `conf/shiro.ini` * [x] - Update `shiroauthentication.md` for this change * [x] - Redirect to home with ngToast error message when status is `401` * [x] - Rebase after apache#1100 merged and add error message to `Credential` menu as well ### What is the Jira issue? [ZEPPELIN-987](https://issues.apache.org/jira/browse/ZEPPELIN-987) ### How should this be tested? 1. Apply this patch and restart Zeppelin 2. Login with `admin` and `password1` 3. Go to interpreter, credential and configuration tab -> You can see all of the information in each tabs 4. Logout -> Login again with `user1` and `password2` 5. Go to interpreter, credential and configuration tab -> In this time, you can't see all of the information in each tabs ### Screenshots (if appropriate) - When you login with `user1` (doesn't have permission to see the interpreter, credential and cofiguration info) - interpreter menu  - configuration menu  - credential menu  - `shiroauthentication.md` <img width="807" alt="screen shot 2016-06-10 at 12 25 02 pm" src="https://cloud.githubusercontent.com/assets/10060731/15976949/a49bc542-2f0a-11e6-8869-8575ba8f1875.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? Yes, so I updated. Author: AhyoungRyu <[email protected]> Closes apache#993 from AhyoungRyu/ZEPPELIN-987 and squashes the following commits: 1d291ac [AhyoungRyu] Redirect to home when unauthorized user click 'credentials' 5896c12 [AhyoungRyu] Revert shiro setting 4411188 [AhyoungRyu] Address @prabhjyotsingh feedback 5c9242c [AhyoungRyu] Redirect to home with error message when status is 401 2a054d4 [AhyoungRyu] Add interpreter, credential and configuration urls to shiro.ini d3a81d5 [AhyoungRyu] Update shiro authentication docs 8be7970 [AhyoungRyu] Change authcBasic -> authc
4 participants
What is this PR for?
For some user cases, people might want to hide Interpreter Setting, Credentials and Configurations information to other users (who are defined in
conf/shiro.ini). So I addedbelow the [urls] section.
This issue was originally suggested at Zeppelin user mailing list by @TomNorden
What type of PR is it?
Improvement | Documentation
Todos
interpreter,credentialandconfigurationurl toconf/shiro.inishiroauthentication.mdfor this change401Credentialmenu as wellWhat is the Jira issue?
ZEPPELIN-987
How should this be tested?
adminandpassword1user1andpassword2Screenshots (if appropriate)
user1(doesn't have permission to see the interpreter, credential and cofiguration info)shiroauthentication.mdQuestions: