WIP

OVERVIEW

...

About - none
Reporting - none
User Management - read+write (with the exception of not being able to reset other admin passwords)
Site Configuration - none
Authentication - read
Plugins - none
Integrations - none
Compliance - none
Experimental - none

Config.json

The config.json file stores settings that roughly map to the same System Console sections/sub-sections, but it is a superset of the settings exposed in the System Console.

API methods

There are mainly two categories of API calls: `get` or `create`/`patch`/`update`. The `get` calls are gated by the READ permissions and the `create`/`patch`/`update` calls are gated by the WRITE permissions.

...

System Console overall access permissions

Currently, 1) access to the System Console, 2) managing the settings and invoking the functionality in the System Console, 3) managing the settings in the config.json and 4) gating the API calls are all gated using the MANAGE_SYSTEM permission, which is assigned only to the SystemAdmin role (with some exceptions). Since we need to give the new roles access to the System Console, and we also need read-only access to the System Console, we decided to create a new set of permissions that give more granular access to the System Console, config.json and related API methods.

READ_SETTINGS, WRITE_SETTINGS

Note: MANAGE_SYSTEM is a System/GlobalAdmin role permission only. It is used to allow the SysAdmins to perform actions that are available only to them, for example, to set permissions on the other admin roles (by design the newly introduced admin roles cannot change the permissions of their peers; only the System Admin can).

System Console per-section/sub-section permissions

...

Each API call that was previously gated by the MANAGE_SYSTEM permission is now gated by the READ_* permission for the get() calls and WRITE_* permission for the create/patch/update calls.
If we need more granular access to an API method that corresponds to the functionality of a sub-section in the System Console (as in the User Management case), we will gate those calls on a case-by-case basis (one panel's functionality in the System Console can map to more than one API call).
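
The gating rule above, sketched as an added example (not code from the project): get calls require READ_*, create/patch/update calls require WRITE_*, and calls reserved for the System Admin stay behind MANAGE_SYSTEM. The per-section permission names, the HTTP method mapping, the `adminOnly` flag and the function names are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Permissions held by the role in the overview table (User Management
// read+write, Authentication read, everything else none). The per-section
// names are assumed; the page only gives the READ_*/WRITE_* pattern.
var exampleRole = map[string]bool{
	"READ_USER_MANAGEMENT": true, "WRITE_USER_MANAGEMENT": true,
	"READ_AUTHENTICATION": true,
}

// RequiredPermission maps an API call to the permission that gates it:
// READ_* for get calls, WRITE_* for create/patch/update calls (assumed here
// to be POST/PATCH/PUT). Any other method is unmapped and denied.
func RequiredPermission(method, section string) (string, bool) {
	name := strings.ToUpper(section)
	switch method {
	case http.MethodGet:
		return "READ_" + name, true
	case http.MethodPost, http.MethodPatch, http.MethodPut:
		return "WRITE_" + name, true
	}
	return "", false // fail closed
}

// Allowed checks one call against a permission set. adminOnly marks calls
// gated case by case on MANAGE_SYSTEM, such as resetting another admin's
// password, so a section WRITE_* permission alone is not enough for them.
func Allowed(perms map[string]bool, method, section string, adminOnly bool) bool {
	if adminOnly {
		return perms["MANAGE_SYSTEM"]
	}
	need, ok := RequiredPermission(method, section)
	return ok && perms[need]
}

func main() {
	fmt.Println(Allowed(exampleRole, "GET", "authentication", false))   // read-only section, read call
	fmt.Println(Allowed(exampleRole, "PATCH", "authentication", false)) // read-only section, write call
	fmt.Println(Allowed(exampleRole, "PUT", "user_management", false))  // ordinary user update
	fmt.Println(Allowed(exampleRole, "PUT", "user_management", true))   // reset of another admin's password
	fmt.Println(Allowed(exampleRole, "GET", "plugins", false))          // section with no access
}
```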


Permissions

See changes detailed above

Schema

No schema changes

REST API

The following API methods will have their gating functionality changed, as follows:

Performance

No performance degradation expected.

Plugins

CREDITS

Thanks to