dashy icon indicating copy to clipboard operation
dashy copied to clipboard

Published 20 hours ago verified publisher icon Lissy93

Add config option to disable all UI config features for non admin users.

Open Cereal916 opened this issue 3 years ago • 2 comments
trafficstars

Cereal916 Medium Cereal916 /disableConfigurationForNonAdmin → Lissy93/dashy Commits: 2 | Files Changed: 5 | Additions: 8 Label

Category:

Feature

Overview

Provides an option to allow admin functionality while still hiding local auth configurations from non admin users.

New Vars (if applicable)

Config file option: disableConfigurationForNonAdmin

Code Quality Checklist (Please complete)

  • [ X ] All changes are backwards compatible
  • [ X ] All lint checks and tests are passing
  • [ X ] There are no (new) build warnings or errors
  • [ X ] (If a new config option is added) Attribute is outlined in the schema and documented
  • [ X ] (If a new dependency is added) Package is essential, and has been checked out for security or performance
  • [ X ] Bumps version, if new feature added

Cereal916 avatar Sep 11 '22 23:09 Cereal916

Deploy Preview for dashy-dev ready!

Name Link
Latest commit e1d9f85aa008edf71af4f7a7390c71b06eff8a7f
Latest deploy log https://app.netlify.com/sites/dashy-dev/deploys/63277657cd66520008025157
Deploy Preview https://deploy-preview-900--dashy-dev.netlify.app/
Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

netlify[bot] avatar Sep 11 '22 23:09 netlify[bot]

Changes preview:

Legend:

👀 Review pull request on Viezly

viezly[bot] avatar Sep 11 '22 23:09 viezly[bot]

Thanks @Lissy93. My motivation for this is just security by obscurity. I don't want other logged in users to see other userId's, hashed pw's or services that are hidden to them. Prob overkill since anyone with a user account is very likely not a bad actor, but it makes me feel better :).

Cereal916 avatar Sep 18 '22 20:09 Cereal916

In #799 I'm adding some proper backend security measures, which should make things a lot better :)

The multi-user functionality, was all added incrementally as each feature was requested, and so not planned from a high level, like it should have been. Currently, any logged in user can use the developer tools, to find certain info from other users, which is far from ideal - just something to be aware of. I am fixing that in the next update.

Lissy93 avatar Sep 18 '22 22:09 Lissy93

Sweet, sounds like it'll prob take care of most of what was in my PR's XD. Hopefully I didn't just gunk up your merge.

Looking forward to the update.

Cereal916 avatar Sep 18 '22 23:09 Cereal916