Thursday, 5 February 2015

Keystone in more depth -- authorization (Bugs)

1: For the "item" restriction model, a non-supperadmin user or unauthorised user is still able to create and delete objects.

-- fixed:

https://github.com/wangpingsx/keystone_supperAdmin/commit/617191d5c3e28a29ce807c61663ea6d097d7f8e8


A disadvantage is that when a user does an unauthorised delete operation, the UE is not so good:




But I will look into it to see how to make Express redirect to a 300 or 400 page when next(error) is called.

unSupperAdmin creating and deleting is not fixed in this commit; it was fixed in another commit:
https://github.com/wangpingsx/keystone_supperAdmin/commit/00aba3540949e877d7e4f1ff896eb64bdd4fe986
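
One way to get a proper 3xx/4xx response out of `next(error)`, as an added example (not the code from the commits above): the check tags the error with a status, and an error-handling middleware turns it into a redirect or a 403 page. The names `req.user.isSuperAdmin`, `/keystone/signin` and `ITEM_ID` are assumptions, and `run` is a small stand-in for Express's dispatch so the block runs without the library.

```javascript
// Added example, dependency-free; middleware signatures follow Express.
// Assumed names: req.user.isSuperAdmin, /keystone/signin, ITEM_ID (constructed).
function httpError(status, message) {
  const err = new Error(message);
  err.status = status;
  return err;
}

// Server-side check placed in front of every create/delete handler.
function requireSuperAdmin(req, res, next) {
  if (!req.user) return next(httpError(401, 'Sign in required'));
  if (!req.user.isSuperAdmin) return next(httpError(403, 'Not allowed to modify this item'));
  next();
}

// Express treats 4-argument middleware as an error handler; next(err) lands here.
function authErrorHandler(err, req, res, next) {
  if (err.status === 401) return res.redirect(302, '/keystone/signin');
  if (err.status === 403) return res.status(403).send('403 Forbidden: ' + err.message);
  next(err); // anything else is left to the default handler
}

// Stand-in for Express dispatch: after next(err), only 4-argument handlers run.
function run(stack, req, res) {
  let i = 0;
  function next(err) {
    while (i < stack.length) {
      const fn = stack[i++];
      if (err && fn.length === 4) return fn(err, req, res, next);
      if (!err && fn.length < 4) return fn(req, res, next);
    }
  }
  next();
}

// Constructed response object with the three Express methods used above.
const mockRes = () => ({
  statusCode: 200, body: null, location: null,
  status(code) { this.statusCode = code; return this; },
  send(body) { this.body = body; return this; },
  redirect(code, url) { this.statusCode = code; this.location = url; return this; },
});

function deleteItem(req, res, next) { res.status(200).send('deleted ' + req.params.id); }

function attempt(user) {
  const res = mockRes();
  run([requireSuperAdmin, deleteItem, authErrorHandler], { user, params: { id: 'ITEM_ID' } }, res);
  return res;
}
```

In a real Express app the same three functions would be registered with `app.use` or on the route, with `authErrorHandler` registered last.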





2: For the list restriction, an unauthorized user cannot access the list page, but if they know the object id, they can access the object page directly by a URL like: xxxxx/keystone/object/1223456634


No big deal, I cannot remember such a long user id. But I will fix that very soon.

Hi, I was wrong, this issue is not a problem at all. xxxxx/keystone/object/1223456634 will be blocked anyway.









All bugs are solvable. I am working on them!!!!!
















































