From c9616d6f115c4be86d64bd1418640bad3daede6a Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 24 Mar 2022 16:25:47 +0100 Subject: [PATCH] Backport PR #3843: Some typos in docs - fix some references to old 'all' name which was renamed 'inherit' - fix a heading level in changlog that sphinx warns about Signed-off-by: Min RK --- docs/source/changelog.md | 2 +- docs/source/rbac/roles.md | 2 +- docs/source/rbac/scopes.md | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/source/changelog.md b/docs/source/changelog.md index 0d5d5e6c..09878efa 100644 --- a/docs/source/changelog.md +++ b/docs/source/changelog.md @@ -53,7 +53,7 @@ command line for details. [@choldgraf](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3Acholdgraf+updated%3A2022-03-07..2022-03-11&type=Issues) | [@consideRatio](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3AconsideRatio+updated%3A2022-03-07..2022-03-11&type=Issues) | [@minrk](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3Aminrk+updated%3A2022-03-07..2022-03-11&type=Issues) | [@NarekA](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3ANarekA+updated%3A2022-03-07..2022-03-11&type=Issues) | [@yuvipanda](https://github.com/search?q=repo%3Ajupyterhub%2Fjupyterhub+involves%3Ayuvipanda+updated%3A2022-03-07..2022-03-11&type=Issues) -# 2.2.0 2022-03-07 +### 2.2.0 2022-03-07 JupyterHub 2.2.0 is a small release. The main new feature is the ability of Authenticators to [manage group membership](authenticator-groups), diff --git a/docs/source/rbac/roles.md b/docs/source/rbac/roles.md index 47927c64..19962f4a 100644 --- a/docs/source/rbac/roles.md +++ b/docs/source/rbac/roles.md @@ -7,7 +7,7 @@ JupyterHub provides four roles that are available by default: ```{admonition} **Default roles** - `user` role provides a {ref}`default user scope ` `self` that grants access to the user's own resources. - `admin` role contains all available scopes and grants full rights to all actions. This role **cannot be edited**. -- `token` role provides a {ref}`default token scope ` `all` that resolves to the same permissions as the owner of the token has. +- `token` role provides a {ref}`default token scope ` `inherit` that resolves to the same permissions as the owner of the token has. - `server` role allows for posting activity of "itself" only. **These roles cannot be deleted.** diff --git a/docs/source/rbac/scopes.md b/docs/source/rbac/scopes.md index bae42f07..f5b60cff 100644 --- a/docs/source/rbac/scopes.md +++ b/docs/source/rbac/scopes.md @@ -38,7 +38,7 @@ By adding a scope to an existing role, all role bearers will gain the associated Metascopes do not follow the general scope syntax. Instead, a metascope resolves to a set of scopes, which can refer to different resources, based on their owning entity. In JupyterHub, there are currently two metascopes: 1. default user scope `self`, and -2. default token scope `all`. +2. default token scope `inherit`. (default-user-scope-target)= @@ -57,11 +57,11 @@ The `self` scope is only valid for user entities. In other cases (e.g., for serv ### Default token scope -The token metascope `all` covers the same scopes as the token owner's scopes during requests. For example, if a token owner has roles containing the scopes `read:groups` and `read:users`, the `all` scope resolves to the set of scopes `{read:groups, read:users}`. +The token metascope `inherit` causes the token to have the same permissions as the token's owner. For example, if a token owner has roles containing the scopes `read:groups` and `read:users`, the `inherit` scope resolves to the set of scopes `{read:groups, read:users}`. -If the token owner has default `user` role, the `all` scope resolves to `self`, which will subsequently be expanded to include all the user-specific scopes (or empty set in the case of services). +If the token owner has default `user` role, the `inherit` scope resolves to `self`, which will subsequently be expanded to include all the user-specific scopes (or empty set in the case of services). -If the token owner is a member of any group with roles, the group scopes will also be included in resolving the `all` scope. +If the token owner is a member of any group with roles, the group scopes will also be included in resolving the `inherit` scope. (horizontal-filtering-target)=