[Freeipa-devel] [PATCH] 552-557 Permissions v2 Web UI
Petr Vobornik
pvoborni at redhat.com
Tue Mar 18 12:09:09 UTC 2014
New revision for patch patch #557 attached.
On 17.3.2014 15:22, Petr Viktorin wrote:
> On 03/14/2014 06:47 PM, Petr Vobornik wrote:
>> Main ACI UI changes are in patch #557. The rest are prerequisites.
>
> With this UI it is impossible to change from "Type-based" permissions to
> "General" ones. This seems to be remaining from the old model where
> permissions were type/filter/subtree/targetgroup were "classes" of a
> permission rather than co-existing as attributes.
>
> Rather the Target section should IMO look the same for all (non-managed)
> permissions, with the first items being:
> Type: [drop-down with a None option]
> Subtree: [textbox that is disabled when a Type is selected]
>
> The Subtree should be a one-line textbox. It would be acceptable if the
> whole DN doesn't always fit, it's the first part that's important.
>
> Remember to only send Subtree if Type is (staying as | being set to) None.
>
> Also, the Add dialog should use this instead of the "Define by".
Done
>
>
>
> With managed permissions, if I try to change both included/excluded
> attribute list and the effective attributes, I get a validation error,
> which is good in CLI but it doesn't work well for the UI.
>
> I think it would be better to move "Managed permission overrides" below
> "Target", and make it read-only. And perhaps rename it to something like
> "Attribute breakdown".
> Managing the included/excluded lists directly is only useful for
> upgrades with a heavily customized policy, and for upgrades you need the
> CLI anyway. Normally, having only the attribute list editable should be
> fine.
Done
>
>
>
> For SYSTEM permissions (those which only have the SYSTEM flag), such as
> 'Add Automember Rebuild Membership Task', Permissions should not be
> editable.
> For old-style permissions (those without any flags), nothing is editable
> but everything should be. The attributelevelrights are missing because
> the entry doesn't have the ipaPermissionV2 objectclass yet (although
> it's being reported, which is "my" bug -- #4257).
Fields were set to be editable if attributes level rights are missing.
>
>
> I filed these tickets based on face-to-face discussion about this and
> the UI in general:
> https://fedorahosted.org/freeipa/ticket/4253 Attribute box un permission
> UI is too small
> https://fedorahosted.org/freeipa/ticket/4254 Managed permission UI: use
> read-only fields instead of disabled ones
> https://fedorahosted.org/freeipa/ticket/4255 Web UI: Display "Loading"
> message when a list of entries is being loaded
>
>
>> These changes requested the unpopular update of JSON metadata files -
>> it's for tests. This patch(#552) is compressed, otherwise it has 930KB.
>
> :(
>
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0557-1-webui-change-permissions-UI-to-v2.patch
Type: text/x-patch
Size: 46244 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140318/a7be9db3/attachment.bin>
More information about the Freeipa-devel
mailing list