Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FE: RBC: Messages tab erroneously available #4125

Closed
4 tasks done
fallen-up opened this issue Aug 16, 2023 · 0 comments · Fixed by #4128
Closed
4 tasks done

FE: RBC: Messages tab erroneously available #4125

fallen-up opened this issue Aug 16, 2023 · 0 comments · Fixed by #4128
Assignees
@Haarolean
Labels
area/rbac scope/frontend status/accepted An issue which has passed triage and has been accepted status/confirmed A bug which actuality is confirmed type/bug Something isn't working
Milestone
0.7.2

Comments

@fallen-up
Copy link

Issue submitter TODO list

  • I've looked up my issue in FAQ
  • I've searched for an already existing issues here
  • I've tried running master-labeled docker image and the issue still persists there
  • I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Frontend makes the tab "messages" available for topics that you don't have access to.

For example: only "notifications.*" are allowed, but the processing is wrong and the tab is available on the site for all topics that contain the "notifications" not at the beginning of the title.
At the same time the backend works normally and does not allow reading, you can see 403 errors in the developer tab.

Expected behavior

The messages tab should be available only for allowed topics.

Your installation details

version: 0.7.1 (latest)

Steps to reproduce

      permissions:
        - resource: topic
          value: ".*"
          actions: [ "view" ]
        - resource: topic
          value: "notifications.*"
          actions: [ "view" , "messages_read" ]

Screenshots

image
image

Logs

No response

Additional context

No response
@fallen-up fallen-up added status/triage Issues pending maintainers triage type/bug Something isn't working labels Aug 16, 2023
@Haarolean Haarolean self-assigned this Aug 16, 2023
@Haarolean Haarolean added scope/frontend status/accepted An issue which has passed triage and has been accepted status/confirmed A bug which actuality is confirmed and removed status/triage Issues pending maintainers triage labels Aug 16, 2023
@Haarolean Haarolean mentioned this issue Aug 17, 2023
Merged
13 tasks
@Haarolean Haarolean added this to the 0.7.2 milestone Aug 17, 2023
@Haarolean Haarolean changed the title Frontend interprets permissions incorrectly FE: RBC: Messages tab erroneously available Aug 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Haarolean Haarolean

Labels
area/rbac scope/frontend status/accepted An issue which has passed triage and has been accepted status/confirmed A bug which actuality is confirmed type/bug Something isn't working
Projects
None yet
Milestone
0.7.2
Development

Successfully merging a pull request may close this issue.

FE: Refactor RBAC tests, fix "subset" permissions issues provectus/kafka-ui
2 participants
@Haarolean @fallen-up