The JSONSchema editor is not shown when the user only has view permission. This also hides the configuration of the device. Moreover, the configuration variables are shown as string representation of Python object:

This is not good for UX. We shall show the value of these fields as indented JSON in the UI when the user has read-only permission.

This issue affect both template and device admin pages.

This issue was first found in #840 (review)

PS added by @nemesifier, applies for:

• device admin
• template admi
• vpn server admin
• group variables and metadata
• credentials, parameters:
  • if the user has view permissions because is member of the org, this should work as the other objects listed above
  • if a non superuser is viewing shared credentials, I think we should completely hide the parameters field both in admin and REST API