[Ovirt-devel] [PATCH] permission denormalization. (revised)
jguiditt at redhat.com
Thu Aug 7 17:20:18 UTC 2008
Sent a reply with an attachment which seems to have not gone through, so
trying again without:
This partially works for me, but noticed a couple of things.
* when viewing the users grid, the column with 'inherited/direct' has
no header. This may be ok, but when you mouse over it, you get a
clickable arrow that drops down a box that can't be fully seen
(attaching screenshot, hard to describe)
* Not sure where this breaks exactly, but when I log in as a user with
no permissions, I still get all nodes returned in the tree (so
fetch_json must not be filtering right). However, when I click on one
of them, I see rails attempting to reroute me to /login. Similarly, get
the full tree for a valid user with a small set of permissions, and can
go only to approve pools (though I still see them in the tree).
* Search results return items my user does not have permission for.
Again, I cannot click on them, so that part of security is there. (I
think this is covered in the next patch, which I have not tested yet).
* I have not been able to test granting a new permission as my developer
appliance has not yet successfully reinstalled. I kept getting the
'ERROR:root:Unable to create appliance : Failed to find package 'curl' :
No package(s) available to install'
Trying a full reinstall but am pretty much done for the day/week (it has
been running a 1/2 hour is is maybe halfway through). I'll check in on
it later this after and give feedback if it is successful.
More information about the ovirt-devel