[katello-devel] One more change in the AR RBAC
Lukas Zapletal
lzap at redhat.com
Tue May 31 08:29:08 UTC 2011
Hello all,
I did one more change that needs the world-famous
# rake setup
Please do it.
I have prefixed all the AR resource types with "ar_" for better
debugging purposes. Once we define all permissions and roles I will
remove this. For me this is great improvement because it was tricky to
track RBAC-related errors until now.
As you can see in the roles UI screen one can define permissions per
model objects now. E.g. if you click on Add permission and select
ar_providers permission type you will see providers being loaded from
the database now.
I have created new "anonymous" user that has permission to do "nothing".
Its a typical "nobody" user/role. Until now when user was not logged in
we was using a "nil" value for that. If the permission stack now see
"nil" value it tries to consult the database against "anonymous" user
before it denies access. We can now assign some permissions to anonymous
users if we want to.
More info on the demo. Don't hesitate to ask.
--
Later,
Lukas Zapletal | E32E400A
RHN Satellite Engineering
Red Hat Czech s.r.o. Brno
More information about the katello-devel
mailing list