karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Console role based access control and command completion
Date Thu, 31 Aug 2017 12:38:10 GMT
Yeah, however, I think it could be painful to check the ACL for each completer.

Let me take a look anyway.

Regards
JB

On 08/31/2017 02:25 PM, tom@quarendon.net wrote:
> Hmm, OK.
> There's a comment somewhere that implies that someone had at least at some point tried
doing that or thought that was what happened.
> 
> It leads to *slightly* odd behaviour, of being told that a command exists, but then being
told, "oh wait, not it doesn't".
> 
> Thanks anyway.
> 
>> On 31 August 2017 at 13:02 Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>
>>
>> Hi Tom,
>>
>> We don't use the ACL in the completers, only on the action step. That's why you
>> can complete but not execute.
>>
>> Regards
>> JB
>>
>> On 08/31/2017 12:35 PM, tom@quarendon.net wrote:
>>> If I'm logged on to the console as user, the list of commands I can execute is
controlled by access control lists.
>>> So, if I'm logged on as a user who has only got the "viewer" role, then I can't
shut karaf down, the system:shutdown command requires the "admin" role.
>>>
>>> Great.
>>>
>>> However, I still appear to be able to get command completion that system:shutdown
is a command, but when I try and invoke it I get "Command not found: system:shutdown", which
seems confusing.
>>>
>>> Is this intentional? I saw a comment in the code somewhere (lost it now) that
made me think that the intention was that only commands I can actually invoke are then put
in the completion list, and indeed that would seem like reasonable behaviour.
>>>
>>
>> -- 
>> Jean-Baptiste Onofré
>> jbonofre@apache.org
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message