EPIC: Permission based control for users #2272

Open
1 task
aindriu-aiven opened this issue Feb 9, 2024 · 0 comments
Labels
epic Represents a bigger chunk of work, which is resolved by number of linked issues.

Comments

@aindriu-aiven
Contributor

What is currently missing?

Currently Coral allows access to new screens based on the role type of users: "USERS" get access to Coral and "SUPERADMIN" users do not.

Some API endpoints do not have sufficient guards in place to prevent users from using curl, or, if some endpoints are available to users on Coral, they do not get the correct "unauthorized" response from the back-end API.

E.g. if a user does not have the VIEW_TOPICS permission, the GetTopics API should return an unauthorized response.

How could this be improved?

All back-end API endpoints should have correct API permission guards in place.

Coral can use the permission model to prevent some views from appearing when users do not have permissions, or grey out buttons when not required.

E.g. if a user does not have the VIEW_TOPICS permission, Coral would not show the Topic Catalog.

Is this a feature you would work on yourself?

  • I plan to open a pull request for this feature
@aindriu-aiven aindriu-aiven added the epic Represents a bigger chunk of work, which is resolved by number of linked issues. label Feb 9, 2024
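A sketch of the two layers the issue describes, as an added example that is not part of the issue or the project's code: a server-side dispatcher that denies by default and a client-side navigation filter that is cosmetic only. Every name except `VIEW_TOPICS` (route names, `VIEW_SCHEMAS`, the users, the 401 status code) is a constructed assumption.

```typescript
// Added example: hypothetical names, not the project's own API.
type Permission = string;
interface User { name: string; permissions: ReadonlySet<Permission> }
interface Route { requires?: Permission; handler: (user: User) => unknown }
interface ApiResponse { status: number; body: unknown }

// Constructed route table; getSchemas was registered without a permission.
const routes: Record<string, Route> = {
  getTopics: { requires: "VIEW_TOPICS", handler: () => ["orders", "payments"] },
  getSchemas: { handler: () => ["orders-value"] },
};

// Server side: runs for every caller (Coral, curl, scripts). A route with no
// declared permission is refused rather than silently left open.
function dispatch(name: string, user: User | null): ApiResponse {
  const route = routes[name];
  if (route === undefined) return { status: 404, body: { error: "not found" } };
  if (user === null || route.requires === undefined || !user.permissions.has(route.requires)) {
    // The issue only says "unauthorized"; the numeric code is an assumption.
    return { status: 401, body: { error: "unauthorized" } };
  }
  return { status: 200, body: route.handler(user) };
}

// CI-style check: list endpoints that still lack a guard.
function unguardedRoutes(table: Record<string, Route>): string[] {
  return Object.keys(table).filter((name) => {
    const route = table[name];
    return route !== undefined && route.requires === undefined;
  });
}

// Client side: hide views the user cannot use. This is presentation only;
// the enforcement is dispatch() above.
interface NavItem { label: string; requires: Permission }
const nav: NavItem[] = [
  { label: "Topic Catalog", requires: "VIEW_TOPICS" },
  { label: "Schemas", requires: "VIEW_SCHEMAS" },
];
function visibleNav(user: User): string[] {
  return nav.filter((item) => user.permissions.has(item.requires)).map((item) => item.label);
}

// Constructed sample users.
const alice: User = { name: "alice", permissions: new Set(["VIEW_TOPICS"]) };
const bob: User = { name: "bob", permissions: new Set<string>() };
```

Running `unguardedRoutes` over the real route table in a build step turns "some endpoints lack guards" into a failing check instead of a manual audit.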