[katello-devel] Current roles/permissions in the seeds file

Bryan Kearney bkearney at redhat.com
Tue May 17 15:55:36 UTC 2011


On 05/17/2011 08:25 AM, Lukas Zapletal wrote:
> On 05/17/2011 02:18 PM, Bryan Kearney wrote:
>> On 05/17/2011 07:18 AM, Lukas Zapletal wrote:
>>> On 05/16/2011 10:44 PM, Bryan Kearney wrote:
>>>> To do this, we would need to change how the ApplicationController works,
>>>> but it will move us to more business permissions which work across the
>>>> CLI and the UI. Is this correct, or off base?
>>>
>>> That's what we've agreed on.
>>>
>>> The current approach is taken from the Foreman. Nice thing is it works
>>> automatically - every action is protected and no checking code is necessary.
>>> It also allows separate rules for UI and API which turns out to be
>>> a disadvantage for us.
>>>
>> Ok.. so what I have on the backlog below is replacing that?
>>
>> # As a dev, I'd like to protect ActiveRecord? resources
>>
>> 1. Design and implement API for AR resources
>> 2. Align with the current REST resources API
>> 1. unify the approach (tags) so single checking code can be used
>> 3. Change the way how static permissions are stored from multiple
>> Permission records to one with multiple Verb records
>> 1. Update documentation on the wiki
>>
>> # Add CRUD permission checks to all Glue model objects.
>>
>> -- bk
>>
>
> Here is what I sent you recently, marking with [***]
>
> As a dev, I'd like to protect ActiveRecord resources
> - Design and implement API for AR resources
> - Align with the current REST resources API
> - unify the approach (tags) so single checking code can be used
> - Change the way how static permissions are stored
> - from multiple Permission records to one with multiple Verb records
> - Update documentation on the wiki

ok.. these are in.. good.

>
> As a dev, I'd like to unify UI and API protection [***]
> - Move the protection layer from UI controllers to glue layer
> OR
> - Add protection of API controllers
> - Update documentation on the wiki

So.. this is the design choice to make.. one or the other.. got it.

>
> As a dev, I'd like to have security design document
> - Design out roles and permissions for UI
> - Design out roles and permissions for API

There should only be one set of roles.. yes?

-- bk



