[katello-devel] Defining permissions for errata and packages

Justin Sherrill jsherril at redhat.com
Mon Jan 16 14:24:27 UTC 2012


On 01/16/2012 08:41 AM, Lukas Zapletal wrote:
> Hello,
>
> after my permissions API review, I found two UI controllers without
> permissions set:
>
> packages_controller.rb
> errata_controller.rb
>
> As I am not able to find them on the
>
> https://fedorahosted.org/katello/wiki/PermissionMatrix
>
> page, please ping me (Partha? Justin?) today. I need some help with
> defining proper rules for those controllers.
>
> Thanks
>
Hey,

So I believe I know the reason behind a lack of permissions.  To me the 
permissions should be the same as a repository, that is, if the user has 
read access to a provider and read access to an environment (so really a 
combination of two permissions).

Essentially the same permissions as the promotions controller:26:

prod_test = lambda{ @environment.contents_readable? and @product.nil? ? true : @product.provider.readable? }


I believe originally you could not easily tell what all repos a package 
or errata was in, so it would be extremely expensive to tell whether, out 
of all of the user's accessible providers, the package is in any of those 
providers' repos.

Recently pulp added a new 'repoids' attribute to the package and errata 
return structure.  This should make it much easier to check whether the 
package has a repo where the user has read access to that environment 
and provider.

-Justin
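
The check described in the reply above, as an added example that is not part of the original post or of Katello's code: a package or erratum is visible only if one of its 'repoids' names a repo whose environment contents and provider are both readable. The Struct models, the repos_by_id lookup and the sample data are constructed assumptions; only contents_readable?, readable? and 'repoids' come from the post.

```ruby
# Constructed stand-ins for the application's models; only the method names
# contents_readable? and readable? are taken from the snippet in the post.
Provider    = Struct.new(:name, :readable) { def readable?; readable; end }
Environment = Struct.new(:name, :contents_readable) { def contents_readable?; contents_readable; end }
Repo        = Struct.new(:id, :environment, :provider)

# A repo counts only when BOTH permissions hold (environment and provider).
def repo_readable?(repo)
  repo.environment.contents_readable? && repo.provider.readable?
end

# unit: a package/erratum hash carrying the 'repoids' attribute from the post.
# repos_by_id: hypothetical lookup of the repos the application knows about.
# Fails closed: missing or empty 'repoids' and unknown repo ids grant nothing.
def unit_readable?(unit, repos_by_id)
  Array(unit['repoids']).any? do |repo_id|
    repo = repos_by_id[repo_id]
    !repo.nil? && repo_readable?(repo)
  end
end

# Filter a listing down to the units the current user may see.
def readable_units(units, repos_by_id)
  units.select { |unit| unit_readable?(unit, repos_by_id) }
end

# Constructed sample data: the user can read Dev but not Prod contents,
# and can read the "Red Hat" provider but not "ACME".
dev  = Environment.new('Dev', true)
prod = Environment.new('Prod', false)
rh   = Provider.new('Red Hat', true)
acme = Provider.new('ACME', false)

REPOS = {
  'rh-dev'   => Repo.new('rh-dev', dev, rh),
  'rh-prod'  => Repo.new('rh-prod', prod, rh),
  'acme-dev' => Repo.new('acme-dev', dev, acme)
}.freeze

UNITS = [
  { 'id' => 'pkg-a', 'repoids' => ['rh-prod', 'rh-dev'] }, # one readable repo is enough
  { 'id' => 'pkg-b', 'repoids' => ['acme-dev'] },          # environment ok, provider denied
  { 'id' => 'pkg-c', 'repoids' => ['rh-prod'] },           # provider ok, environment denied
  { 'id' => 'pkg-d', 'repoids' => ['deleted-repo'] },      # unknown repo id
  { 'id' => 'erratum-e', 'repoids' => [] },                # in no repo
  { 'id' => 'erratum-f' }                                  # attribute missing
].freeze

puts readable_units(UNITS, REPOS).map { |unit| unit['id'] }.inspect
```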



