
Unfortunately I experience some issues with Eclipse Che (6.1.1) Multiuser running on Docker.

I read through the documentation here https://www.eclipse.org/che/docs/6/che/docs/permissions.html

Let's say I have two users, one admin and one general user.

Issue 1)

I can fetch the general user's information via http://hostname:8081/api/user/1daa1ba9-ad7a-4d31-8e0c-df6f22d6b15f

Also I can display all permissions via http://hostname:8081/api/permissions

```
[
  {
    "id": "system",
    "allowedActions": [
      "manageSystem",
      "setPermissions"
    ]
  },
  {
    "id": "workspace",
    "allowedActions": [
      "read",
      "use",
      "run",
      "configure",
      "setPermissions",
      "delete"
    ]
  },
  {
    "id": "stack",
    "allowedActions": [
      "search",
      "read",
      "update",
      "setPermissions",
      "delete"
    ]
  },
  {
    "id": "organization",
    "allowedActions": [
      "manageSuborganizations",
      "update",
      "setPermissions",
      "delete",
      "manageResources",
      "createWorkspaces",
      "manageWorkspaces"
    ]
  }
]
```

Now, when I want to fetch the permissions for the system domain via http://hostname:8081/api/permissions/system I get

```
{
  "message": "System permissions for user '1daa1ba9-ad7a-4d31-8e0c-df6f22d6b15f' not found"
}
```

For http://{{host}}:{{port}}/api/permissions/system/all I get

```
{
  "message": "User is not authorized to perform this operation"
}
```

Both work with the admin account that is created by default.

Issue 2)

I haven't found a way to display the permissions for other users, e.g. to display the general user's permissions from the admin account. Is this possible and maybe just missing in the documentation?

Thanks and kind regards, Dominik

p0laris

1 Answer

Issue 1. I suppose the user with id 1daa1ba9-ad7a-4d31-8e0c-df6f22d6b15f is not an admin. That is why you get a 404 response code with the specified message when you request system permissions for the current user. It means that the current user doesn't have any system permissions.

The second request http://{{host}}:{{port}}/api/permissions/system/all is supposed to send all users which have system permissions, i.e. all admins. The API allows getting the permissions of all users for a specified domain and instance only if a user has any permission there. So only admins (it doesn't matter which actions they have) are able to view a list of admins.

Issue 2. There is only a way to get all users' permissions to a particular instance of a specified domain: https://www.eclipse.org/che/docs/6/che/docs/permissions.html.

For example, http://{{host}}:{{port}}/api/permissions/system/all will return all admins' permissions, and http://{{host}}:{{port}}/api/permissions/workspace/all?instance={{workspaceId}} will return all users' permissions to the specified workspace.

Let me know if there is something missed or that is not clear.

P.S. I'll create an issue for Che docs to make it more clear which permissions are required for requesting Permissions API methods.

  • Thanks for the quick reply! **Issue 1** As the user has the `setPermissions` action allowed, I assumed that this operation worked. How do I then make a user an admin? **Issue 2** I now understand that the commands will send a list of all users that have the required permissions here, instead of showing the permissions for a specific user. I'll try with more users and see how it behaves, thanks! – p0laris Mar 04 '18 at 14:17
  • **Issue 1** Actions are related to a particular instance. To make a user an admin you should grant him system domain related actions: manageSystem, manageUsers, setPermissions. You don't have `manageUsers`; it looks like a bug. I'll create an issue. So, to make a user an admin you should use the [assign-permissions](https://www.eclipse.org/che/docs/6/che/docs/permissions.html#assign-permissions) method. `POST {CHE_HOST}/api/permissions` ``` { "actions": [ "manageSystem", "manageUsers", "setPermissions" ], "userId": "{USER_ID}", "domainId": "system" } ``` – Serhii Leshchenko Mar 05 '18 at 07:43
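
The read rules described in the answer above, modeled as a small Python sketch. This is an added example, not part of the original thread and not Che's code: the class, its methods, the user ids and the `ws1` workspace id are hypothetical, and the 403 status is an assumption (the page shows only the message for that case).

```python
# Toy model of the Permissions API read rules from the answer (not Che source).
class PermissionStore:
    def __init__(self):
        # (domainId, instanceId) -> {userId: set of actions}
        self.grants = {}

    def grant(self, user_id, domain_id, actions, instance_id=None):
        """Models the POST /api/permissions body: actions, userId, domainId."""
        self.grants.setdefault((domain_id, instance_id), {})[user_id] = set(actions)

    def get_own(self, caller, domain_id, instance_id=None):
        """Models GET /api/permissions/{domain}: the caller's own entry only."""
        actions = self.grants.get((domain_id, instance_id), {}).get(caller)
        if actions is None:
            # 404 is the status the answer reports when the caller has no entry.
            return 404, {"message": f"{domain_id} permissions for user '{caller}' not found"}
        return 200, {"userId": caller, "domainId": domain_id, "actions": sorted(actions)}

    def get_all(self, caller, domain_id, instance_id=None):
        """Models GET /api/permissions/{domain}/all[?instance=...]."""
        holders = self.grants.get((domain_id, instance_id), {})
        if caller not in holders:
            # The caller needs at least one action on this domain instance,
            # whichever it is. 403 is an assumed status code.
            return 403, {"message": "User is not authorized to perform this operation"}
        return 200, [{"userId": u, "domainId": domain_id, "actions": sorted(a)}
                     for u, a in sorted(holders.items())]


def build_demo():
    """Constructed sample data: one admin, one general user, one workspace."""
    store = PermissionStore()
    store.grant("admin", "system", ["manageSystem", "setPermissions"])
    store.grant("admin", "workspace", ["read", "use", "setPermissions"], "ws1")
    store.grant("general", "workspace", ["read", "use"], "ws1")
    return store


if __name__ == "__main__":
    s = build_demo()
    print(s.get_own("general", "system"))            # no system entry for caller
    print(s.get_all("general", "system"))            # not a holder: refused
    print(s.get_all("admin", "system"))              # lists every admin
    print(s.get_all("general", "workspace", "ws1"))  # holder: sees all users on ws1
```

The last call shows the consequence of the rule: any user holding any action on a workspace can list every other user's permissions on that workspace.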