What is currently missing?
Currently Coral is allowing access to new screens based off the role type of users: "USERS" get access to Coral and "SUPERADMIN" users do not.
Some API endpoints do not have sufficient guards in place to prevent users from using curl, or, if some endpoints are available to users on Coral, they do not get the correct "unauthorized" response from the back end API.
e.g. If a user does not have VIEW_TOPICS permission, the API to GetTopics should return an unauthorized response.
How could this be improved?
All back end API endpoints should have correct API permission guards in place.
Coral can use the permission model to prevent some views from appearing when they do not have permissions or grey out buttons when not required.
e.g. If a user does not have VIEW_TOPICS permission Coral would not show the Topic Catalog.
Is this a feature you would work on yourself?
I plan to open a pull request for this feature
aindriu-aiven added the epic label on Feb 9, 2024
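A sketch of the guard the issue asks for, as an added example that is not code from the Coral project: one table maps each endpoint to its required permission, the server-side check fails closed, and the UI reuses the same table only to hide views. Apart from `VIEW_TOPICS` and `getTopics`, every name here is hypothetical, and the 401/403 status codes are an assumption about what the "unauthorized" response should be.

```typescript
// Added example. Only VIEW_TOPICS and getTopics come from the issue text.
type Permission = "VIEW_TOPICS" | "EXAMPLE_OTHER_PERMISSION"; // second one is hypothetical
interface Session { username: string; permissions: ReadonlySet<Permission> }
interface Decision { allowed: boolean; status: number; reason: string }

// Single source of truth: the permission each back end endpoint requires.
const REQUIRED = new Map<string, Permission>([
  ["getTopics", "VIEW_TOPICS"],
  ["exampleOtherEndpoint", "EXAMPLE_OTHER_PERMISSION"], // hypothetical endpoint
]);

// Server-side guard. It runs on every request, so it also covers clients
// that never load the UI (curl, scripts).
function authorize(endpoint: string, session: Session | null): Decision {
  if (session === null) {
    return { allowed: false, status: 401, reason: "not authenticated" };
  }
  const needed = REQUIRED.get(endpoint);
  // Fail closed: an endpoint with no declared permission is rejected, not left open.
  if (needed === undefined) {
    return { allowed: false, status: 403, reason: "no guard declared for endpoint" };
  }
  if (!session.permissions.has(needed)) {
    return { allowed: false, status: 403, reason: `missing ${needed}` };
  }
  return { allowed: true, status: 200, reason: "ok" };
}

// UI helper: hides a view or greys out a button using the same table.
// This is cosmetic; authorize() on the server is what enforces access.
function canShowView(endpoint: string, session: Session | null): boolean {
  return authorize(endpoint, session).allowed;
}

// Audit check for CI: registered routes that have no entry in REQUIRED.
function unguardedEndpoints(registered: readonly string[]): string[] {
  return registered.filter((endpoint) => !REQUIRED.has(endpoint));
}

// Constructed sample sessions.
const viewer: Session = { username: "alice", permissions: new Set<Permission>(["VIEW_TOPICS"]) };
const noPerms: Session = { username: "bob", permissions: new Set<Permission>() };

console.log(authorize("getTopics", viewer));
console.log(authorize("getTopics", noPerms));
console.log(unguardedEndpoints(["getTopics", "unlistedEndpoint"]));
```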