leaf icon indicating copy to clipboard operation
leaf copied to clipboard

Published 20 hours ago verified publisher icon uwrit

How would I configure a single-user "demo" instance without admin powers?

Open jnothman opened this issue 3 years ago • 6 comments

I want to be able to run a demo of Leaf with a non-admin user, without setting up an identity service provider. This allows us to demo the Leaf functionality without exposing the entire database. What would be the easiest way to do this?

(My first attempt, dropping the "admin" claim from the Claims field of the admin user in auth.Login didn't work.)

jnothman avatar Dec 17 '21 06:12 jnothman

Found it! https://github.com/uwrit/leaf/blob/35705a4be0657a7bf4a662621bf0141a05fe7e18/src/server/API/Authorization/UnsecureEntitlementProvider.cs#L24

jnothman avatar Dec 20 '21 13:12 jnothman

Yes, that's where I would start as well, @jnothman. If you run into other issues with this please let us know.

ndobb avatar Dec 20 '21 18:12 ndobb

We've currently managed to hack this to give a basic user on the basis of an environment variable: https://github.com/ElevnLi/leaf/pull/3/commits/247cf0064ead8abc7794aaa56ecc65fa09a5184c Ideally we'd control this from appsettings.json.

jnothman avatar Jan 12 '22 05:01 jnothman

Nice work @ElevnLi and @jnothman! We'd love to work these changes in upstream.

How about adding in something like:

"Authorization": {
    "Mechanism": "UNSECURED",
    "AllowAllAuthenticatedUsers": true,
    "UnsecuredIsAdmin": false,
    ...

ndobb avatar Jan 12 '22 19:01 ndobb

Happy for that config, we just needed a quick fix for a demo. :)

jnothman avatar Jan 12 '22 22:01 jnothman

@jnothman I'll work that into our next minor release, seems very straightforward.

ndobb avatar Jan 20 '22 18:01 ndobb