0.25.0 ACL permission excess rights #1927
Unanswered
integritas88 asked this question in Q&A
Replies: 1 comment
Please give us more information about your setup: the entire roles / groups configuration, if you use basic/ldap/oauth, the user and the permissions it should have, screenshots...
After updating to version 0.25.0, the following security issues were noticed:
1. If I try to edit a role from https://github.com/tchiotludo/akhq/blob/master/application.example.yml

For example:

```yaml
roles:
  topic-read:
    - resources: [ "TOPIC", "TOPIC_DATA" ]
      actions: [ "READ" ]
    - resources: [ "TOPIC" ]
      actions: [ "READ_CONFIG" ]
```

If I delete TOPIC_DATA:

```yaml
roles:
  topic-read:
    - resources: [ "TOPIC" ]
      actions: [ "READ" ]
    - resources: [ "TOPIC" ]
      actions: [ "READ_CONFIG" ]
```

When a user has only ReadOnly access, we receive JS errors in AKHQ:

```
react-CMjgpN1I.js:40 TypeError: Cannot read properties of undefined (reading 'includes')
    at Qf.render (index-Jmio8XBk.js:484:3275)
    at jh (react-CMjgpN1I.js:40:6181)
    at Qv (react-CMjgpN1I.js:40:5978)
    at O1 (react-CMjgpN1I.js:40:44917)
    at D1 (react-CMjgpN1I.js:40:39790)
    at s (react-CMjgpN1I.js:40:39718)
    at wc (react-CMjgpN1I.js:40:39570)
    at qh (react-CMjgpN1I.js:40:35934)
    at T1 (react-CMjgpN1I.js:40:34883)
    at C (react-CMjgpN1I.js:25:1535)
Bh @ react-CMjgpN1I.js:40
react-CMjgpN1I.js:40 Uncaught TypeError: Cannot read properties of undefined (reading 'includes')
    at Qf.render (index-Jmio8XBk.js:484:3275)
    at jh (react-CMjgpN1I.js:40:6181)
    at Qv (react-CMjgpN1I.js:40:5978)
    at O1 (react-CMjgpN1I.js:40:44917)
    at D1 (react-CMjgpN1I.js:40:39790)
    at s_ (react-CMjgpN1I.js:40:39718)
    at wc (react-CMjgpN1I.js:40:39570)
    at qh (react-CMjgpN1I.js:40:35934)
    at T1 (react-CMjgpN1I.js:40:34883)
    at C (react-CMjgpN1I.js:25:1535)
```

2. If a user has different types of rights to different topics (ro and rw), then in the topics for which the type of rights is RO, the “Update config” buttons for the topic will appear for him.
3. If the conditions from clause 2 are met (user has different types of rights to different topics (ro and rw)) and the user also has ReadOnly access to consumer groups in AKHQ, the following buttons become available: Delete/Update offset.