Skip to content

Allow defining read-only users

Giuseppe Lavagetto requested to merge ro_user_group into main

We've realized after deploying the app that there are users that might be interested at least in read-only access. So the plan is as follows:

  • change the code so that we can define a singular read-write group, that will be checked with mod_auth_cas headers like x-cas-memberof. Only users in that group will be able to write to the datastore and see the read-write features of the app.
  • Modify the puppet code to configure CAS so that it allows all users in group 'wmf' to see the rules, but only users in group 'ops' to modify objects.

Merge request reports