[UI] Unpublished assets should not be accessible anonymously #207

Closed
ckadner opened this issue Sep 9, 2021 · 4 comments · Fixed by #248
Labels
bug Something isn't working RCOS Potential work items for RCOS student interns size/XS UI User Interface

ckadner commented Sep 9, 2021

Describe the bug

After an admin unpublishes an asset (unchecks the boxes for featured and published), the direct access link should no longer work for unauthenticated users (private browser, not logged in).

To Reproduce

  1. Go to Datasets, select one, i.e. "Finance Proposition Bank"
  2. In the browser URL, you will find the direct access link: https:///datasets/finance-proposition-bank
  3. As a logged-in admin user, click on "VIEW ALL DATASETS"
  4. Uncheck the boxes for "Featured" and "Published" for the "Finance Proposition Bank"
  5. Go back to "FEATURED" and see the "Finance Proposition Bank" dataset should no longer be there
  6. Open a Private Browser and paste the link from step 2.: https:///datasets/finance-proposition-bank
  7. See the page show up with all the details

Expected behavior

  • The anonymous user should get a 404 page
  • Logged-in Admins should still see it
@ckadner ckadner added bug Something isn't working UI User Interface labels Sep 9, 2021
@ckadner ckadner added RCOS Potential work items for RCOS student interns size/XS labels Sep 21, 2021
@Zachary-Fernandes
Contributor

@ckadner I would like to work on this issue.

ckadner commented Oct 13, 2021

The check if an asset is published should be added here:

[Image: Screen Shot 2021-10-13 at 11 01 33 AM]

ckadner commented Oct 13, 2021

Check for admin user:

const isAdmin = hasRole(getUserInfo(), 'admin');

ckadner commented Oct 14, 2021

@Zachary-Fernandes -- Since we do not yet have logout functionality (#78), you would need to bring up the MLX UI in a private browser window to see the un-cached results for an anonymous user.

Zachary-Fernandes added a commit to Zachary-Fernandes/mlx that referenced this issue Oct 27, 2021
Added if check to redirect users to a 404 page if the asset they
attempt to access is unpublished and the user is anonymous.

Resolves machine-learning-exchange#207

Signed-off-by: Zachary-Fernandes <[email protected]>
mlx-bot pushed a commit that referenced this issue Oct 27, 2021
* Ensure unpublished assets cannot be accessed anonymously

Added if check to redirect users to a 404 page if the asset they
attempt to access is unpublished and the user is anonymous.

Resolves #207

Signed-off-by: Zachary-Fernandes <[email protected]>

* Removed debug message

Signed-off-by: Zachary-Fernandes <[email protected]>
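
The access rule this issue asks for, as an added example that is not the MLX code or the merged fix: a direct link to an unpublished asset resolves to a 404 for everyone except admins. The asset and user shapes, the `published`/`featured` field names, the sample catalog, and this stand-in `hasRole` are assumptions; treating logged-in non-admins like anonymous users is also an assumption.

```javascript
// Added example; all names and data shapes here are hypothetical stand-ins.
// Assumed user shape: null for anonymous, otherwise { username, roles: [...] }.
function hasRole(user, role) {
  // Anonymous or malformed user objects never hold a role.
  return Boolean(user) && Array.isArray(user.roles) && user.roles.includes(role);
}

// Decide what a direct link to an asset detail page should render.
function resolveAssetPage(asset, user) {
  // Unknown slug: plain 404.
  if (!asset) return { status: 404 };
  // Fail closed: only an explicit `published === true` counts as published,
  // so a record with a missing flag is treated as unpublished.
  if (asset.published === true) return { status: 200, asset };
  // Unpublished: admins keep access. Everyone else gets the same 404 as an
  // unknown slug, so the response does not reveal that the asset exists.
  if (hasRole(user, 'admin')) return { status: 200, asset };
  return { status: 404 };
}

// Constructed sample catalog, keyed by the slug used in the direct link.
const catalog = new Map([
  ['finance-proposition-bank',
    { name: 'Finance Proposition Bank', published: false, featured: false }],
  ['sample-published',
    { name: 'Sample Published Dataset', published: true, featured: true }],
  ['legacy-record', { name: 'Record Without Flags' }],
]);

// Status an anonymous or logged-in visitor gets for a direct link.
function visit(slug, user) {
  return resolveAssetPage(catalog.get(slug), user).status;
}

// The "FEATURED" listing applies the same published test as the detail page.
function listFeatured() {
  return [...catalog.values()]
    .filter((a) => a.published === true && a.featured === true)
    .map((a) => a.name);
}
```

The same decision has to hold wherever the asset data is served, since a check made only in browser code does not stop a direct request for that data.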