Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage rights should be based on permission "Edit Project", not on group id "PROJECT_ADMIN" #136

Open
freakalot opened this issue Nov 24, 2021 · 9 comments
Open

Usage rights should be based on permission "Edit Project", not on group id "PROJECT_ADMIN" #136

freakalot opened this issue Nov 24, 2021 · 9 comments

Comments

@freakalot
Copy link

Hi,
we are using the plugin since a while and it works great so far. One thing which still bothers us is the problem that only sysadmins can see the slack tab in the project and therefore only they are able to configure it. Isn't there a way to make this tab with edit rights available to specific users?
@alexkvak
Copy link
Owner

Hi, this tab should be available for project admins

@freakalot
Copy link
Author

Hi Alex, thanks for your quick response. Do you know which specific permission is responsible for this? We have set up our own roles and therefore don't use the predefined ones.

@alexkvak
Copy link
Owner

alexkvak commented Nov 24, 2021
edited

That's how it looks like in UI

изображение

Group can be created here /admin/admin.html?item=groups

@freakalot
Copy link
Author

Ok, but I need to know which permission is responsible for this. As I said, we don't use the predefined Project administrator role but created a new one. Now I need to know which of the permissions I need to assign to our role that they can see the slack tab:
image

@alexkvak
Copy link
Owner

Unfortunately this check is based on role not permission
com/fpd/teamcity/slack/PermissionManager.scala:54

@freakalot
Copy link
Author

freakalot commented Nov 24, 2021
edited

I see, but I think this is a bug, as the roles in Teamcity are just a collection of permissions and can be customized. I don't think that you should hardcode the rights to a default role. Not sure if its possible to create a new permission with a plugin, but it should either be linked to a permission, or you need to be able to overwrite the role for the plugin.

It is actually done properly in the same file in line 29:

private def isAdmin(request: Request): Boolean =
    request.exists(
      _.isPermissionGrantedGlobally(Permission.CHANGE_SERVER_SETTINGS)
    )```

@alexkvak
Copy link
Owner

AFAIK there is no way to create custom permission, you can assign to role only predefined permissions

@freakalot
Copy link
Author

Even in this case, the correct sollution would be to check if the user has the "Edit project" permission to be able to use the slack settings. Not the name of a role.

@alexkvak
Copy link
Owner

It makes sense. And it's easy to implement.

But there is only one thing that should be carefully handled — is seems that is should be the major version change.

@freakalot freakalot changed the title Role missing to use the Slack plugin Usage rights should be based on permission "Edit Project", not on group id "PROJECT_ADMIN" Jan 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexkvak @freakalot