Skip to content

[atc/api] Increase scope of Admin privilege #4193

New issue
New issue
Closed
#4238
Closed
[atc/api] Increase scope of Admin privilege#4193
#4238
Labels
size/mediumAn easily manageable amount of work. Well-defined scope, few unknowns.
@taylorsilva

Description

@taylorsilva
taylorsilva
opened on Jul 30, 2019

Epic #4192

Description/Context

We want to update the API handlers that care about what teams a user belongs to. The accessor.IsAuthorized() should always return true if the user is Admin. Any handlers that care about the teams that a user is part of should check if the user is an admin and instead perform their action for/with all teams in mind.

Tip: search for usages of acc.TeamNames(), those are the handlers you likely need to change

Task List

  • Investigate and potentially modify the following methods to behave properly for an admin user:
    • Modify ListAllPipelines
    • Modify ListAllJobs
    • Modify ListBuilds
    • Modify ListAllResources
    • Modify ListWorkers

Acceptance Criteria

  • No handler should return unauthorized if a user is Admin
  • Web UI displays all pipelines when a user is Admin
  • Fly CLI should be able to log into any team and perform any action
    • will work on this in the Fly CLI story

Metadata

Metadata

Assignees

No one assigned

    Labels

    size/mediumAn easily manageable amount of work. Well-defined scope, few unknowns.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions