karaf-user mailing list archives

From t..@quarendon.net
Subject Re: Console role based access control and command completion
Date Thu, 31 Aug 2017 12:25:03 GMT
Hmm, OK.
There's a comment somewhere that implies that someone had at least at some point tried doing
that or thought that was what happened.

It leads to *slightly* odd behaviour, of being told that a command exists, but then being
told, "oh wait, no it doesn't".

Thanks anyway.

> On 31 August 2017 at 13:02 Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
> 
> 
> Hi Tom,
> 
> We don't use the ACL in the completers, only on the action step. That's why you 
> can complete but not execute.
> 
> Regards
> JB
> 
> On 08/31/2017 12:35 PM, tom@quarendon.net wrote:
> > If I'm logged on to the console as user, the list of commands I can execute is controlled by access control lists.
> > So, if I'm logged on as a user who has only got the "viewer" role, then I can't shut karaf down, the system:shutdown command requires the "admin" role.
> > 
> > Great.
> > 
> > However, I still appear to be able to get command completion that system:shutdown is a command, but when I try and invoke it I get "Command not found: system:shutdown", which seems confusing.
> > 
> > Is this intentional? I saw a comment in the code somewhere (lost it now) that made me think that the intention was that only commands I can actually invoke are then put in the completion list, and indeed that would seem like reasonable behaviour.
> > 
> 
> -- 
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
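
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Karaf code: a small model in which the action step consults the ACL while the completer does not, next to a completer that reuses the same check. All function names and the role assignments other than system:shutdown requiring "admin" are assumptions made for illustration.

```python
# Hypothetical model of a role-gated shell; names are illustrative, not Karaf's API.
# Constructed ACL: command name -> roles allowed to invoke it.
ACL = {
    "bundle:list": {"viewer", "admin"},
    "system:shutdown": {"admin"},
    "system:version": {"viewer", "admin"},
}

def permitted(command, roles):
    """Single policy decision shared by completion and execution."""
    required = ACL.get(command)
    return required is not None and bool(required & set(roles))

def complete_unfiltered(prefix):
    """Behaviour described in the thread: the completer never consults the ACL."""
    return sorted(c for c in ACL if c.startswith(prefix))

def complete_filtered(prefix, roles):
    """Completer that offers only commands the caller could actually run."""
    return sorted(c for c in ACL if c.startswith(prefix) and permitted(c, roles))

def execute(command, roles):
    """Action step: an unauthorised command is reported like a missing one."""
    if not permitted(command, roles):
        return f"Command not found: {command}"
    return f"executed {command}"

def visible_but_denied(prefix, roles):
    """Commands a caller sees in completion but cannot invoke."""
    offered = set(complete_unfiltered(prefix))
    return sorted(offered - set(complete_filtered(prefix, roles)))

if __name__ == "__main__":
    viewer = {"viewer"}
    print(complete_unfiltered("system:"))        # completion as described
    print(complete_filtered("system:", viewer))  # completion gated by the ACL
    print(execute("system:shutdown", viewer))    # the message from the thread
    print(visible_but_denied("", viewer))        # names exposed to a viewer
```

Running `visible_but_denied` for each role gives a quick check of which command names completion exposes beyond what that role is authorised to run.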
