Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 14:20:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

WebAdmin and REST API: remove too granular permissions

Browse Source 
Our permissions system for admin users is too granular and some
permissions overlap. For example, you can define an administrator
with the "manage_system" permission and not with the "manage_admins"
or "manage_user" permission, but the "manage_system" permission
allows you to restore a backup and then create users and
administrators. The following permissions will be removed:
"manage_admins", "manage_apikeys", "manage_system", "retention_checks",
"manage_event_rules", "manage_roles", "manage_ip_lists". Now you
need to add the "*" permission to replace the removed granular
permissions because the removed permissions allow actions that
should only be allowed to super administrators.
There is no point in having separate, overlapping permissions.

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2024-11-10 10:35:23 +01:00
parent ef98ee7d11
commit 3dd412f6e3
15 changed files with 127 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
static/locales/en/translation.json
View File

@@ -759,14 +759,14 @@
"access_time_help": "No restrictions means access is always allowed, the time must be set in the format HH:MM"
},
"admin": {
"role_permissions": "A role admin cannot have the following permissions: {{val}}",
"role_permissions": "A role admin cannot have the \"*\" permission",
"view_manage": "View and manage admins",
"self_delete": "You cannot delete yourself",
"self_permissions": "You cannot change your permissions",
"self_disable": "You cannot disable yourself",
"self_role": "You cannot add/change your role",
"password_help": "If blank the current password will not be changed",
"role_help": "Setting a role limit the administrator to only manage users with the same role. Administrators with a role cannot have the following permissions: \"manage_admins\", \"manage_roles\", \"manage_event_rules\", \"manage_apikeys\", \"manage_system\", \"manage_ip_lists\"",
"role_help": "Setting a role limit the administrator to only manage users with the same role. Administrators with a role cannot be super administrators",
"users_groups": "Groups for users",
"users_groups_help": "Groups automatically selected for new users created by this admin. The admin will still be able to choose different groups. These settings are only used for this admin UI and they will be ignored in REST API/hooks",
"group_membership": "Add as membership",