From 3c29a5aa7fa5d4100ff8b63f15c50199126491a7 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 6 Oct 2022 08:49:00 -0400 Subject: [PATCH] Enable non-admin users for web gui --- confluent_server/confluent/auth.py | 7 +++++++ confluent_server/confluent/httpapi.py | 8 ++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/confluent_server/confluent/auth.py b/confluent_server/confluent/auth.py index b71dbb6d..2b4eaa80 100644 --- a/confluent_server/confluent/auth.py +++ b/confluent_server/confluent/auth.py @@ -75,6 +75,7 @@ _allowedbyrole = { '/node*/configuration/*', ], 'start': [ + '/sessions/current/async', '/nodes/*/console/session*', '/nodes/*/shell/sessions*', ], @@ -84,10 +85,16 @@ _allowedbyrole = { ], }, 'Monitor': { + 'start': [ + '/sessions/current/async', + ], 'retrieve': [ '/node*/health/hardware', '/node*/power/state', '/node*/sensors/*', + '/node*/attributes/current', + '/node*/description', + '/noderange/*/nodes/', '/nodes/', '/', ], diff --git a/confluent_server/confluent/httpapi.py b/confluent_server/confluent/httpapi.py index b2b692ec..ac28cbe8 100644 --- a/confluent_server/confluent/httpapi.py +++ b/confluent_server/confluent/httpapi.py @@ -451,7 +451,7 @@ def wsock_handler(ws): mythreadid = greenlet.getcurrent() httpsessions[sessid]['inflight'].add(mythreadid) name = httpsessions[sessid]['name'] - authdata = auth.authorize(name, ws.path) + authdata = auth.authorize(name, ws.path, operation='start') if not authdata: return cfgmgr = httpsessions[sessid]['cfgmgr'] @@ -481,8 +481,12 @@ def wsock_handler(ws): elif clientmsg[0] == '!': msg = json.loads(clientmsg[1:]) action = msg.get('operation', None) + targ = msg.get('target', None) + if targ: + authdata = auth.authorize(name, targ, operation=action) + if not authdata: + continue if action == 'start': - targ = msg['target'] if '/console/session' in targ or '/shell/sessions' in targ: width = msg['width'] height = msg['height']