
Hide the namespaces for user who has no access in the page header tabs.

Open qngl opened this issue 3 years ago • 11 comments

In v2.0.3, the admin can create users and namespaces, then set privileges for a user on some namespaces. Now when I use the created user account in the admin console, I can see all the namespaces, not only the ones I have privileges on but also the ones I have no access to. And if I click on the link, it says "Auth failed". It's not user friendly. So please only show the ones I have access to.

qngl avatar Dec 15 '21 08:12 qngl

I will fix it

GOODBOY008 avatar Jan 10 '22 05:01 GOODBOY008

@li-xiao-shuang Please assign to me, thank you.

GOODBOY008 avatar Jan 18 '22 07:01 GOODBOY008

@li-xiao-shuang Please assign to me, thank you.

You can put forward your idea first

li-xiao-shuang avatar Jan 18 '22 07:01 li-xiao-shuang

Class NamespaceController's method getNamespaces does not check the permission of the current user. The Nacos console uses the annotation Secured and NacosAuthManager's method auth to check permission. I will add getting the current user's read permission on the namespace in class NamespaceController's method getNamespaces. @li-xiao-shuang

GOODBOY008 avatar Jan 18 '22 09:01 GOODBOY008

Is using Secured suitable, or getting NacosUser from the Request? And NacosUser adds an attribute Set<String> roles; in method getNamespaces, get the roles from NacosUser. If the user is admin, then get all TenantInfo. If not, query by roles. After that, having got all the TenantInfos, we can create Namespace from TenantInfo. @li-xiao-shuang

zrfan2016 avatar Jan 20 '22 02:01 zrfan2016
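
The filtering proposed in the two comments above, as an added sketch that is not part of the thread and is not Nacos code: an admin gets every tenant, any other user gets only the tenants one of their roles can read. `Tenant`, `Permission`, the `<namespaceId>:*:*` resource format, the `r`/`rw` action strings and the `ROLE_ADMIN` name are assumptions made for this illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;

// Added illustration (Java 16+). Tenant and Permission are hypothetical
// stand-ins, not Nacos classes; resource format, action strings and the
// admin role name are assumptions of this sketch.
public class NamespaceFilterExample {
    record Tenant(String id, String name) {}
    record Permission(String role, String resource, String action) {}

    static final String ADMIN_ROLE = "ROLE_ADMIN";

    // True only if one of the caller's roles holds a read grant on the namespace.
    static boolean canRead(Set<String> roles, List<Permission> grants, String tenantId) {
        String wanted = tenantId + ":*:*";
        return grants.stream().anyMatch(g -> roles.contains(g.role())
                && g.resource().equals(wanted)
                && g.action().contains("r"));
    }

    // Admin gets every tenant; anyone else gets only readable ones (default deny).
    static List<Tenant> visibleNamespaces(Set<String> roles, List<Permission> grants,
                                          List<Tenant> all) {
        if (roles.contains(ADMIN_ROLE)) {
            return all;
        }
        return all.stream()
                .filter(t -> canRead(roles, grants, t.id()))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data: "dev-team" can read dev, only write qa.
        List<Tenant> all = List.of(new Tenant("dev", "Dev"),
                new Tenant("prod", "Prod"), new Tenant("qa", "QA"));
        List<Permission> grants = List.of(
                new Permission("dev-team", "dev:*:*", "rw"),
                new Permission("dev-team", "qa:*:*", "w"),
                new Permission("ops", "prod:*:*", "r"));

        System.out.println(visibleNamespaces(Set.of("dev-team"), grants, all));
        System.out.println(visibleNamespaces(Set.of(ADMIN_ROLE), grants, all));
        System.out.println(visibleNamespaces(Set.of(), grants, all));
    }
}
```

A filter like this changes only what the list shows; the per-operation check that returns "Auth failed" remains the enforcement point.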

Is this issue still open?

Vassilis-Boubis avatar Mar 17 '22 12:03 Vassilis-Boubis

Class NamespaceController's method getNamespaces does not check the permission of the current user. The Nacos console uses the annotation Secured and NacosAuthManager's method auth to check permission. I will add getting the current user's read permission on the namespace in class NamespaceController's method getNamespaces. @li-xiao-shuang

Have you made any progress?

li-xiao-shuang avatar Mar 17 '22 12:03 li-xiao-shuang

Can I push my PR?

zrfan2016 avatar Mar 18 '22 13:03 zrfan2016

Can I submit my PR?

Yes, very welcome.

li-xiao-shuang avatar Mar 18 '22 13:03 li-xiao-shuang

The auth feature is for checking the operation, not for checking the context. So seeing all namespaces is as expected.

If we want to check the auth for context, we need to redesign the auth system. It will cause large changes.

KomachiSion avatar Mar 23 '22 01:03 KomachiSion

Thanks for your feedback and contribution. But the issue/pull request has not had recent activity more than 180 days. This issue/pull request will be closed if no further activity occurs 7 days later. We may solve this issue in new version. So can you upgrade to newest version and retry? If there are still issues or want to contribute again. Please create new issue or pull request again.

stale[bot] avatar Sep 21 '22 00:09 stale[bot]