You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Org-wide batch commands (organization=null) created by superusers are currently visible to all organization managers/admins via the REST API. However, there is no proper support in openwisp-users for showing shared objects as read-only to non-superusers. This means org admins can see batch commands they didn't create and shouldn't have full access to.
Describe the solution you'd like
Implement shared object read-only support in openwisp-users so non-superusers can see objects with organization=null but cannot modify them.
Ensure org-wide batch commands are visible as read-only to org managers, while keeping create/update/delete restricted to superusers.
Hide sensitive data such as primary keys, error logs, and other restricted information from non-superusers for objects not in their managed organizations.
Describe alternatives you've considered
PR #1395 implements the Mass Command model and REST APIs with a temporary queryset filter (with TODO comments) to exclude organization=null commands for non-superusers. This workaround will be removed once openwisp-users properly supports shared objects as read-only.
Is your feature request related to a problem? Please describe.
Org-wide batch commands
(organization=null)created by superusers are currently visible to all organization managers/admins via the REST API. However, there is no proper support in openwisp-users for showing shared objects as read-only to non-superusers. This means org admins can see batch commands they didn't create and shouldn't have full access to.Describe the solution you'd like
Describe alternatives you've considered
PR #1395 implements the Mass Command model and REST APIs with a temporary queryset filter (with TODO comments) to exclude organization=null commands for non-superusers. This workaround will be removed once openwisp-users properly supports shared objects as read-only.
Additional context
Related openwisp-users issues and PR:
[feature] Allow viewing shared objects by non superadministrators as view only openwisp-users#238
[feature] Restrict access to sensitive fields for non-superuser openwisp-users#448
[feature] Allowed read only access of shared objects to non-superusers #238 openwisp-users#444
Releted openwisp-controller batch command issues and PR:
[feature:gsoc26] Add Mass Command asynchronous execution pipeline for batch device commands #1344
[feature:gsoc26] Add Django admin workflow for mass command execution and real-time monitoring #1345
[feature] Mass Command model and REST APIs for async command execution #1395
[feature] Django admin view for Mass Command model #1420
Note: Do not pick this up until the related issues/PR are closed.