#19 Restrict Project Editing to Administrators

closed
nobody
None
5
2008-09-08
2008-02-29
rob_webset
No

I have created a patch that allows you to separate Administrator roles from user roles. I know that there are no user configuration options within codestriker (and think it is unlikely that such a thing will be available any time soon?)

This patch separates the codestriker.pl into two files, removing the "Project editing" into a separate file "codestrikeradmin.pl". This allows you to use Apache to configure user rights for each area, e.g.

<Directory "C:/codestriker/cgi-bin/">
AuthType Basic
AuthName "Codestriker Authentication"
AuthLDAPAuthoritative on
AuthLDAPBindDN "..."
AuthLDAPBindPassword ...
AuthLDAPURL "..."
Require group ...
SSLRequireSSL

AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
SetHandler cgi-script

<Files codestrikeradmin.pl>
Require user rhudson
</Files>
</Directory>

This is quite important for us, as we would want to prevent users from creating projects off their own back.

It would also open the way to implement things like:

[ 1472121 ] Introduce proper state table

And some other changes to make codestriker more configurable, but still prevent any user just changing these key settings.

Comments/thoughts?

Thanks

Rob
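
A check for the configuration in the post above, added here as an example; it is not part of the patch or of Codestriker. It reads an Apache config and reports whether codestrikeradmin.pl is governed by its own Require rule rather than the directory-wide one. The helper names and the trimmed sample config are assumptions made for illustration, and the parser only models one Directory block with nested Files blocks.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the post's configuration trimmed to the access-control
# lines. "..." is the post's own elision, kept as a placeholder.
SAMPLE = """
<Directory "C:/codestriker/cgi-bin/">
AuthType Basic
Require group ...
<Files codestrikeradmin.pl>
Require user rhudson
</Files>
</Directory>
"""

def effective_require(conf, filename):
    """Require arguments that apply to `filename` (hypothetical helper).

    Simplified model: a single <Directory> with optional nested <Files>
    blocks. Require lines in a matching <Files> block replace the
    directory-level ones, because <Files> is merged after <Directory>.
    """
    dir_level, file_level = [], []
    in_files = None                      # pattern of the enclosing <Files>
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Files\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            in_files = opened.group(1)
        elif re.match(r"</Files>", line, re.I):
            in_files = None
        elif re.match(r"Require\s", line, re.I):
            args = line.split(None, 1)[1]
            if in_files is None:
                dir_level.append(args)
            elif fnmatchcase(filename, in_files):
                file_level.append(args)
    return file_level or dir_level

def admin_rule(conf, admin="codestrikeradmin.pl", user="codestriker.pl"):
    """Return the admin script's own Require list, or None when it is
    governed by the same rule as the ordinary review script."""
    rule = effective_require(conf, admin)
    return rule if rule != effective_require(conf, user) else None

if __name__ == "__main__":
    print(admin_rule(SAMPLE))            # ['user rhudson']
```

A result of None means the Files block is missing or names the wrong file, so every authenticated reviewer can reach the project-editing script.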

Discussion

  • rob_webset
    2008-02-29

    Split codestriker.pl into two

     
  • Logged In: NO

    Rob, this seems a good idea. Could you tell me how I apply the patch?

     
  • rob_webset
    2008-03-04

    Logged In: YES
    user_id=1137102
    Originator: YES

    Hi "nobody",

    To apply the patch you'll need to apply the diff file attached (either manually or with some patch tool - think Unix has one). Then run install.pl again and do the Apache changes detailed in the description.

    Note that it doesn't look like this is going to be applied to the final release as it will be achieved via REST instead.

    Rob

     
  • David Sitsky
    2008-08-06

    Logged In: YES
    user_id=208928
    Originator: NO

    Hi Rob,

    Just to let you know - the URL rewriting work I have detailed in this bug is on my radar now. Hopefully an initial version will be completed soon, so that you'll then have the possibility to apply URL security in your Apache config to mask off admin/* to just your admin users.

     
  • David Sitsky
    2008-09-08

    Logged In: YES
    user_id=208928
    Originator: NO

    The latest version of Codestriker now has proper user authentication/authorisation to support this easily. Check out the $admin_users variable in codestriker.conf.

    This will be released in the upcoming 1.9.7 release.

     
  • David Sitsky
    2008-09-08

    • status: open --> closed