loading...

re: What was your win this week? VIEW POST

FULL DISCUSSION
 

I decreased the likelihood that one of our admins accidentally submits a dangerous site config option...

Add additional safeguards for config write access #6064

What type of PR is this? (check all applicable)

  • [ ] Refactor
  • [x] Feature
  • [ ] Bug Fix
  • [ ] Optimization
  • [ ] Documentation Update

Description

This related to this issue: #6049

I wouldn't want to say it fully closes it, but is a step in safeguarding this area.

This pull request adds extra safeguards for the /internal/config area of the site. This area contains values which could cause big problems if accidentally changed. It makes sense to restrict them even more thoroughly than other parts of the internal experience.

It now makes it so that anyone with admin, super_admin or single_resource_admin Config can view this area, but only users with the role single_resource_admin Config can write to it. And they need to submit this phrase when making a change as confirmation:

My username is @your_username and this action is 100% safe and appropriate.

The details here really should not change very often, so I think this is all pretty reasonable.

Added a message to make it clear:

Screen Shot 2020-02-13 at 1 22 20 PM

Screen Shot 2020-02-13 at 1 21 52 PM

Screen Shot 2020-02-13 at 1 30 45 PM

Also made a small tweak to /internal/permissions to make it clearer which exact permissions folks have.

Screen Shot 2020-02-13 at 1 22 51 PM

Thanks to @vaidehijoshi for being the catalyst on this.

code of conduct - report abuse