(feature) Add read-only access level to control panel #72

Merged
parkel merged 1 commit from issue-40-access-levels into master 2026-05-28 22:00:45 +02:00
Owner

Summary

  • Add a central pobsync access policy for status viewers and staff managers.
  • Allow authenticated non-staff users to view dashboard, hosts, runs, snapshots, schedules, purged history, changelog, and /api/status/.
  • Keep SSH credentials, logs, self-check, config, retention actions, backup queueing, and other mutating views staff-only.
  • Hide sensitive navigation, host controls, effective config, SSH/preflight details, and full rsync log links from read-only users.
  • Document the two access levels in the README.
  • Add tests for read-only navigation, view access, hidden sensitive config, and API access.

Tests

  • .venv/bin/python manage.py test src.pobsync_backend --verbosity 2
  • .venv/bin/python manage.py check
  • git diff --check

Closes #40

parkel added 1 commit 2026-05-28 22:00:38 +02:00
Introduce a central access policy that lets authenticated non-staff users view
backup status pages while keeping credentials, logs, configs, and mutating
actions staff-only.

Hide sensitive navigation and host controls for read-only users, expose only
the status API to authenticated viewers, and document the two access levels.
parkel merged commit b4833560b5 into master 2026-05-28 22:00:45 +02:00
parkel deleted branch issue-40-access-levels 2026-05-28 22:00:45 +02:00
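
A deny-by-default sketch of the two access levels described in this pull request, as an added example that is not pobsync's own code. The view names, the host-detail keys, and the `User` stand-in for a Django user are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    ANONYMOUS = 0
    VIEWER = 1  # authenticated, non-staff: read-only status pages
    STAFF = 2   # staff manager: everything


@dataclass(frozen=True)
class User:
    """Stand-in for a Django user; only the two flags the policy reads."""
    is_authenticated: bool = False
    is_staff: bool = False


# Hypothetical view names, modelled on the areas the PR summary opens to viewers.
VIEWER_VIEWS = frozenset({
    "dashboard", "hosts", "runs", "snapshots", "schedules",
    "purged_history", "changelog", "api_status",
})
# Hypothetical host-detail keys a viewer may see; every other key is staff-only.
VIEWER_HOST_FIELDS = frozenset({"name", "last_run", "status"})


def level_of(user: User) -> Level:
    if not user.is_authenticated:
        return Level.ANONYMOUS  # is_staff alone never grants access
    return Level.STAFF if user.is_staff else Level.VIEWER


def can_access(user: User, view_name: str) -> bool:
    # Deny by default: a view missing from VIEWER_VIEWS requires staff.
    required = Level.VIEWER if view_name in VIEWER_VIEWS else Level.STAFF
    return level_of(user) >= required


def visible_host_detail(user: User, detail: dict) -> dict:
    level = level_of(user)
    if level is Level.STAFF:
        return dict(detail)
    if level is Level.VIEWER:
        return {k: v for k, v in detail.items() if k in VIEWER_HOST_FIELDS}
    return {}
```

Because both lists are allowlists, a view or field added later stays staff-only until someone deliberately opens it to viewers.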