[Freeipa-devel] [PATCH] 552-557 Permissions v2 Web UI

Petr Viktorin pviktori at redhat.com
Mon Mar 17 14:22:31 UTC 2014


On 03/14/2014 06:47 PM, Petr Vobornik wrote:
> Main ACI UI changes are in patch #557. The rest are prerequisites.

With this UI it is impossible to change from "Type-based" permissions to 
"General" ones. This seems to be remaining from the old model where 
type/filter/subtree/targetgroup were "classes" of a permission rather 
than co-existing as attributes.

Rather the Target section should IMO look the same for all (non-managed) 
permissions, with the first items being:
     Type:    [drop-down with a None option]
     Subtree: [textbox that is disabled when a Type is selected]

The Subtree should be a one-line textbox. It would be acceptable if the 
whole DN doesn't always fit, it's the first part that's important.

Remember to only send Subtree if Type is (staying as | being set to) None.

Also, the Add dialog should use this instead of the "Define by".



With managed permissions, if I try to change both included/excluded 
attribute list and the effective attributes, I get a validation error, 
which is good in CLI but it doesn't work well for the UI.

I think it would be better to move "Managed permission overrides" below 
"Target", and make it read-only. And perhaps rename it to something like 
"Attribute breakdown".
Managing the included/excluded lists directly is only useful for 
upgrades with a heavily customized policy, and for upgrades you need the 
CLI anyway. Normally, having only the attribute list editable should be 
fine.



For SYSTEM permissions (those which only have the SYSTEM flag), such as 
'Add Automember Rebuild Membership Task', Permissions should not be 
editable.
For old-style permissions (those without any flags), nothing is editable 
but everything should be. The attributelevelrights are missing because 
the entry doesn't have the ipaPermissionV2 objectclass yet (although 
it's being reported, which is "my" bug -- #4257).



I filed these tickets based on face-to-face discussion about this and 
the UI in general:
https://fedorahosted.org/freeipa/ticket/4253 Attribute box in permission 
UI is too small
https://fedorahosted.org/freeipa/ticket/4254 Managed permission UI: use 
read-only fields instead of disabled ones
https://fedorahosted.org/freeipa/ticket/4255 Web UI: Display "Loading" 
message when a list of entries is being loaded


> These changes requested the unpopular update of JSON metadata files -
> it's for tests. This patch(#552) is compressed, otherwise it has 930KB.

:(


-- 
Petr³
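
Added example, not part of the original message and not FreeIPA's Web UI code: one way to express the editability rules and the "only send Subtree when Type is None" rule from the review as form logic. The function names, the option keys (`type`, `subtree`, `attrs`), the flag strings, the use of `null` for the "None" choice, and the choice to make only the attribute list editable for managed permissions are assumptions made for illustration.

```javascript
'use strict';
// Illustrative sketch; names and flag strings are assumptions, not FreeIPA code.

// Which fields the form lets the user edit, derived from the permission flags.
function editableFields(flags) {
  const f = new Set(flags);
  if (f.has('MANAGED')) return ['attrs'];           // managed: attribute list only
  if (f.size === 1 && f.has('SYSTEM')) return [];   // SYSTEM-only: not editable
  return ['type', 'subtree', 'attrs'];              // old-style (no flags) and the rest
}

// Build the options of a modify call from the stored entry and the form state.
// A type of null stands for the "None" entry of the Type drop-down.
function buildModOptions(entry, form) {
  const allowed = editableFields(entry.flags || []);
  const opts = {};
  // The type the permission will have after the call.
  const typeAfter = allowed.includes('type') ? form.type : entry.type;

  if (allowed.includes('type') && form.type !== entry.type) {
    opts.type = form.type;                          // null clears the type
  }
  // Subtree is sent only when Type is staying as, or being set to, None,
  // so stale text in a disabled Subtree box never reaches the server.
  if (allowed.includes('subtree') && typeAfter === null &&
      form.subtree !== entry.subtree) {
    opts.subtree = form.subtree;
  }
  if (allowed.includes('attrs') &&
      JSON.stringify(form.attrs) !== JSON.stringify(entry.attrs)) {
    opts.attrs = form.attrs;
  }
  return opts;
}

// Constructed sample entries (example.com DNs are placeholders).
const USERS = 'cn=users,cn=accounts,dc=example,dc=com';
const HOSTS = 'cn=computers,cn=accounts,dc=example,dc=com';
const oldStyle = { flags: [], type: 'user', subtree: USERS, attrs: ['mail'] };
const systemOnly = { flags: ['SYSTEM'], type: null, subtree: USERS, attrs: [] };
const managed = { flags: ['SYSTEM', 'V2', 'MANAGED'], type: 'user',
                  subtree: USERS, attrs: ['mail'] };
```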



