[katello-devel] Current roles/permissions in the seeds file
Bryan Kearney
bkearney at redhat.com
Tue May 17 12:18:49 UTC 2011
On 05/17/2011 07:18 AM, Lukas Zapletal wrote:
> On 05/16/2011 10:44 PM, Bryan Kearney wrote:
>> To do this, we would need to change how the ApplicationController works,
>> but it will move us to more business permissions which work across the
>> CLI and the UI. Is this correct, or off base?
>
> That's what we've agreed on.
>
> The current approach is taken from the Foreman. Nice thing is it works
> automatic - every action is protected and no checking code is necessary.
> It also allows separate rules for UI and API which turns out to be
> disadvantage for us.
>
Ok.. so what I have on the backlog below is replacing that?
# As a dev, I'd like to protect ActiveRecord? resources
1. Design and implement API for AR resoures
2. Align with the current REST resources API
1. unify the approach (tags) so single checking code can be used
3. Change the way how static permissions are stored from multiple
Permission records to one with multiple Verb records 1.Update
documentation on the wiki
# Add CRUD permission checks to all Glue model objects.
-- bk
More information about the katello-devel
mailing list