Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug report] Reporting a issue not possible from kiosk with ALLOW_CONDITIONAL_URLS = False #279

Open
r-xyz opened this issue Mar 18, 2025 · 3 comments
Open

[bug report] Reporting a issue not possible from kiosk with ALLOW_CONDITIONAL_URLS = False #279

r-xyz opened this issue Mar 18, 2025 · 3 comments

Comments

@r-xyz
Copy link
Contributor

r-xyz commented Mar 18, 2025

Hi @rptmat57,
I am reporting a possible bug (might be by design, though).

We are running a separate kiosk instance, which is running with ALLOW_CONDITIONAL_URLS = False.

Enabling/Disabling tools work as expected, nonetheless if a user tries to report an issue requesting tool shutdown, they receive the Tool control is only available on campus error.

Should this permission be added inside NEMO | user | Kiosk Services?

Thanks,
r-xyz
@r-xyz r-xyz changed the title [bug report] Reporting a issue not possible from kiosk with `ALLOW_CONDITIONAL_URLS = False [bug report] Reporting a issue not possible from kiosk with ALLOW_CONDITIONAL_URLS = False Mar 18, 2025
@rptmat57
Copy link
Contributor

My first thought was "how is it possible to run a kiosk with ALLOW_CONDITIONAL_URLS = False?"
I didn't realize it was possible.
We run the public facing NEMO without the NEMO.apps.kiosk

The goal of the ALLOW_CONDITIONAL_URLS is to reduce risks and security issues by limiting the URLs available, and that usually include all tool control.
At NIST the instance running with ALLOW_CONDITIONAL_URLS = False is on a separate network, with no way to connect to the interlocks.

I think that was the original intent. With that in mind, I am not sure what to do here, if the kiosk and area access URLs should just never be included when conditional urls are False, or since we somehow let it be possible until now, if we should be consistent and let it be shut down from there...

@r-xyz
Copy link
Contributor Author

r-xyz commented Mar 18, 2025

Thanks for the quick reply.

We also have a separate public instance, with ALLOW_CONDITIONAL = False, an internal admin and a separate kiosk one with ALLOW_CONDITIONAL = False.

I can confirm that if logging on the kiosk one, you are still getting the "not on campus" error if you try to enable any tool from normal interface.
Using kiosk interface and kiosk user (with special NEMO | user | Kiosk Services permissions) you are unable to enable and disable tools after "logging in" using your badge.

For our side no issue, whichever solution is chosen we will make the required changes to our setup.
Apologies, I assumed the original intent was to have the kiosk working without conditional urls; I would have reported privately otherwise.

@rptmat57
Copy link
Contributor

Alright, so to be consistent with the original intent of the feature I think we should enforce the following:

  • Tool control should not be working from anywhere when ALLOW_CONDITIONAL_URLS = False (kiosk or not)
  • Tool control should be working from both web and kiosk when ALLOW_CONDITIONAL_URLS = True

In the end it will be up to the person configuring the separate instances of NEMO to enable only the kiosk (I haven't tested it but you should be able to have NEMO.apps.kiosk without NEMO in INSTALLED_APPS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rptmat57 @r-xyz