Authentication/Roles #2119
Labels
Comments
|
The same happens if the AUTH_DEFAULT_ROLE parameter is set to "denied". |
|
Same problem for me; http://www.nightscout.info/wiki/welcome/website-features/0-9-features/authentication-roles Amy wrote there: readable: read-only access; no ability to make CarePortal/treatment entries. This user CAN see reports and profile information. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When the AUTH_DEFAULT_ROLE parameter is set to "readable", one can view reports, profile etc.
I have set up a subject with the "readable" priviledges and a unique link is generated.
Then I change the AUTH_DEFAULT_ROLE parameter to status-only. The user with the link can only see the main page, but cannot access any other page (reports, profile, etc) . All the other pages ask for the API Secret, even though the parent page is the one with the token.
The issue is that the "readable" priviledge changes behaviour.
One would expect that the user with the token would be able to view reports, etc.
--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/38420735-authentication-roles?utm_campaign=plugin&utm_content=tracker%2F2451736&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F2451736&utm_medium=issues&utm_source=github).The text was updated successfully, but these errors were encountered: