[Ovirt-devel] [Patch] refactor permissions to reflect new roles/permission levels
Scott Seago
sseago at redhat.com
Wed Apr 23 19:04:43 UTC 2008
This refactors the permissions model to support the latest
permissions/roles design. The prior code handled privileges
independently -- so an administrator would need to be granted each
privilege separately.
The new model grants roles to users, currently "Super Admin",
"Administrator", "User", and "Monitor". Each role then has several
associated privileges (Super Admin gets all of them, Monitor only gets
to view objects, etc.)
So the user permissions code (where users are granted access) works on
the Roles -- but the permissions checks are by privilege.
Currently the role-privilege mapping is maintained in the Permission
class code, rather than in the DB. If necessary, this could later be
moved into the database (if, for example, we wanted to make it
configurable, etc.)
Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: permissions-refactoring.patch
Type: text/x-patch
Size: 29645 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20080423/de797257/attachment.bin>
More information about the ovirt-devel
mailing list