[Bug report] Non-admin users can directly use links belongs to the administration page to access some administrative functions.

Organization Name: Fuzhou University.

Short summary about the issue/question: Continuing to explore issue 5203, I found that Non-admin users can directly use links belongs to the administration page to access some administrative functions.

Brief what process you are following:

1. Log in to a non-admin account.
2. Open any of the links: https://IP/dashboard.html, https://IP/cluster-view/hardware.html, https://IP/cluster-view/k8s.html, https://IP/user-view.html.
3. The administration pages are opened.

How to reproduce it:

1. Log in to a non-admin account.
2. Open any of the links: https://IP/dashboard.html, https://IP/cluster-view/hardware.html, https://IP/cluster-view/k8s.html, https://IP/user-view.html.
3. The administration pages are opened.

OpenPAI Environment:

• OpenPAI version: v1.4.1
• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release):
• Kernel (e.g. uname -a):
• Hardware (e.g. core number, memory size, storage size, GPU type etc.):
• Others:

Anything else we need to know:

We use cookies to indentify admin.

Could you please clear your cookies and re-try?

We use cookies to indentify admin.

Could you please clear your cookies and re-try?

It is easy to reproduce this problem.

1. clear cookies.
2. Log in to a non-admin account.
3. Open any of the links: https://IP/dashboard.html, https://IP/cluster-view/hardware.html, https://IP/cluster-view/k8s.html, https://IP/user-view.html.
4. The administration pages are opened.

Thanks for explanation. Will track this issue.

seems to be an issue in simple auth mode? I cannot reproduce the bug when AAD is enabled.

seems to be an issue in simple auth mode?

Yes, you are right.