Skip to content

Enhancement request: Allow "Scan all packages" for users other than superusers #385

@rogu-beta

Description

@rogu-beta

Is your enhancement request related to a problem? Please describe.
During tests we noticed that "Scan all packages" is not available to staff users with Engineering or Data Administration role. Instead it is only available to superusers. Given that SBOMs are oftentimes missing information, such as the download URL, scanning needs to be done after running "Improve Packages from PurlDB". If the option "Scan all packages" is not available, this would greatly complicate daily work.

include_scancodeio_features = all(
[
scancodeio.is_configured(),
user.is_superuser,
dataspace.enable_package_scanning,
context["is_user_dataspace"],
]
)
context["has_scan_all_packages"] = include_scancodeio_features

conditions = [
scancodeio.is_configured(),
user.is_superuser,
user_dataspace.enable_package_scanning,
user_dataspace.name == dataspace,
]

Unless there is a reason why this functionality is limited to superusers, that I am not aware of, I would suggest that staff user and a suitable role should be enough restrictions to limit who can trigger that functionality.

What are the benefits of the requested enhancement?
All packages could be scanned after using "Improve Packages from PurlDB" to add download URLs to packages in the inventory.

Describe the solution you would like
Access should not be limited to superusers but instead to staff users with a suitable role.

Additional notes
n.a.

Metadata

Metadata

Assignees

No one assigned

    Labels

    design neededDesign details needed to complete the issueenhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions