
Different User Type Handling for the Web-GUI

Open gabrieleiannetti opened this issue 8 years ago • 3 comments

Hello,

if we would like to provide the Robinhood Web GUI to normal users as well and not just restrict it to administrators, this implies security policy issues, hence a normal user can see files of other users.

What do you think about a different user type handling in the following manner for such a reason:

  1. Normal User (default): A normal user can just see its own files.
  2. Privileged User: A privileged user can see all files from its own group.
  3. Administrator: An administrator can see all files.

Best regards, Gabriele

gabrieleiannetti, Feb 08 '17 09:02

Jerome, is this what you implemented in commit 352a36a?

tl-cea, Jun 09 '17 15:06

Would it be possible to restrict the browser-plugin to files that are accessible by the user currently logged in?

r5r3, Sep 11 '18 10:09

Hi,

If you enable the ldapauth plugin (with a ldapserver), you can restrict the access to files belonging to the currently logged-in user. It'll automatically search for the user, retrieve the uid and groups, filter the request (uid, group and read for others) and append the filter to the request.

Regards,

Jérôme

ja-cea, Sep 11 '18 11:09
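
The filter described in the last comment (owner uid, group membership, read for others), sketched as an added example that is not code from the Robinhood project or from any commenter. The `entries` table, its columns, and the function names are assumptions made for illustration; the uid and group list stand in for what the LDAP lookup would return.

```python
import sqlite3

def access_filter(uid, gids):
    """Return (sql_fragment, params) limiting rows to what this user may see.

    Clauses follow the three named in the comment: owner uid, group
    membership, and the read-for-others mode bit (0o004).
    """
    clauses, params = ["uid = ?"], [uid]
    if gids:  # "gid IN ()" is a syntax error, so drop the clause when empty
        clauses.append("gid IN (%s)" % ",".join("?" * len(gids)))
        params.extend(gids)
    clauses.append("(mode & 4) != 0")
    # Parenthesise the OR group: without it, appending with AND would bind
    # only to the first clause and the remaining ORs would bypass the
    # caller's own conditions.
    return "(" + " OR ".join(clauses) + ")", params

def visible_paths(conn, uid, gids, base_where="1=1", base_params=()):
    """Append the access filter to the request's own WHERE clause.

    base_where is a fragment built by the application, never user input.
    """
    frag, params = access_filter(uid, gids)
    sql = f"SELECT path FROM entries WHERE ({base_where}) AND {frag} ORDER BY path"
    return [row[0] for row in conn.execute(sql, [*base_params, *params])]

def sample_db():
    """Constructed sample data (hypothetical schema, not Robinhood's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (path TEXT, uid INT, gid INT, mode INT)")
    conn.executemany("INSERT INTO entries VALUES (?,?,?,?)", [
        ("/fs/alice/notes",  1001, 100, 0o600),
        ("/fs/bob/private",  1002, 200, 0o600),
        ("/fs/bob/shared",   1002, 100, 0o640),
        ("/fs/carol/public", 1003, 200, 0o644),
    ])
    return conn
```

The uid and gids must come from the authenticated session and the directory lookup on the server side, never from request parameters, or the filter can be widened by the client.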