Defect
Resolution: Done
Standard
2
Sprint 193
Description:
Our Togglz implementation currently allows only a user named "rootAdmin" to access the Togglz console. This is unnecessarily strict, and it violates the group-based or role-based authorization model that we are migrating towards. As far as I can tell, it is the only place where the code checks for a specific user name.
Acceptance Criteria:
Change the access check to be based on whether the user is a member of the "Admin" group.
Change name of class.
Note: This behavior might be found in the RootAdminFeatureAdminUserProvider class.
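One way the requested check could look, as an added example that is not the project's own code: a Togglz `UserProvider` that sets the feature-admin flag from membership in the "Admin" group instead of comparing the user name. The class name, the `Principal` interface and the `Supplier` wiring are assumptions standing in for whatever the application uses to expose the authenticated user and its groups.

```java
import java.util.Set;
import java.util.function.Supplier;

import org.togglz.core.user.FeatureUser;
import org.togglz.core.user.SimpleFeatureUser;
import org.togglz.core.user.UserProvider;

/** Grants Togglz feature-admin rights by group membership, not by user name. */
public class AdminGroupFeatureAdminUserProvider implements UserProvider {

    /** Hypothetical view of the authenticated principal (assumption, not a Togglz type). */
    public interface Principal {
        String name();
        Set<String> groups();
    }

    // Group named in the acceptance criteria; the comparison is exact and case-sensitive.
    static final String ADMIN_GROUP = "Admin";

    // Hypothetical hook that returns the principal bound to the current request, or null.
    private final Supplier<Principal> currentPrincipal;

    public AdminGroupFeatureAdminUserProvider(Supplier<Principal> currentPrincipal) {
        this.currentPrincipal = currentPrincipal;
    }

    @Override
    public FeatureUser getCurrentUser() {
        Principal p = currentPrincipal.get();
        if (p == null || p.name() == null) {
            // Unauthenticated request: report no user, so no admin rights are granted.
            return null;
        }
        // The kind of check the ticket describes replacing: "rootAdmin".equals(p.name())
        Set<String> groups = p.groups();
        boolean featureAdmin = groups != null && groups.contains(ADMIN_GROUP);
        return new SimpleFeatureUser(p.name(), featureAdmin);
    }
}
```

A user named "rootAdmin" who is not in the "Admin" group is no longer a feature admin under this check, so group membership for that account should be confirmed before the change is deployed.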