Tracker #17954
closed
Unify roles and permissions across plugins
0%
Description
Each plugin handles permissions and roles differently: some create just permissions and no roles, some create plugin-specific roles. This tracker should monitor the progress of making roles uniform across all plugins.
Expected outcome:
- each plugin has plugin-specific Viewer and Manager roles (see openscap or rex). Additional plugin-specific roles are certainly possible if plugin needs them.
- plugin permissions are added to Manager and Viewer roles provided by core.
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17953: Add remote execution permissions to Viewer and Manager roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks deleted (Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles)
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17957: Add foreman_ansible permissions to Viewer and Manager roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17959: Add foreman_discovery permissions to Manager and Viewer roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks Bug #17960: Add foreman_docker permissions to Manager and View roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks deleted (Bug #17960: Add foreman_docker permissions to Manager and View roles)
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17960: Add foreman_docker permissions to Manager and View roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17961: Add foreman-tasks permissions to Manager and Viewer roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks Bug #17962: Add Katello's permissions to Manager and and Viewer roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocks deleted (Bug #17962: Add Katello's permissions to Manager and and Viewer roles)
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17962: Add Katello's permissions to Manager and and Viewer roles added
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Bug #17963: Add foreman_bootdisk permissions to Manager role added
Updated by Marek Hulán almost 8 years ago
Ondřej, could we also prevent this happening in future? What if every permission defined by plugin would be automatically assigned to Manager role and if it matches view_.+ it would be also associated to Viewer? Plugins would only defined plugin_manager and plugin_viewer role. Any other suggestions are welcome.
Updated by Ondřej Pražák almost 8 years ago
- Blocked by Feature #18001: Allow plugins to easily add their permissions to core's Viewer and Manager added
Updated by Ondřej Pražák almost 8 years ago
I do not think we can do this completely automatically and there may be cases when we do not want to. But I think #18001 is a reasonable solution.
Updated by Marek Hulán almost 8 years ago
- Assignee set to Ondřej Pražák
- Target version set to 1.11.2
Updated by Marek Hulán almost 8 years ago
- Target version changed from 1.11.2 to 1.11.4
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.11.4 to 1.12.1
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.12.1 to 1.12.3
Updated by Ondřej Pražák over 7 years ago
- Blocked by Feature #19039: Lock plugin roles added
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.12.3 to 1.13.0
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.13.0 to 1.13.2
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.13.2 to 1.13.4
Updated by Lukas Zapletal over 7 years ago
In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352
I think the plugin API should do this automatically when roles are being registered (they should be locked).
Updated by Lukas Zapletal over 7 years ago
- Related to Bug #19944: Upgrade fails due to missing override column in filter added
Updated by Marek Hulán over 7 years ago
Lukas Zapletal wrote:
In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352
I think the plugin API should do this automatically when roles are being registered (they should be locked).
I believe it's tracked by http://projects.theforeman.org/issues/19039, which is ready for testing
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.13.4 to 1.14.0
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.14.0 to 1.14.3
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.14.3 to 1.17.0-RC2
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.17.0-RC2 to 1.18.0-RC2
Updated by Marek Hulán about 7 years ago
- Target version changed from 1.18.0-RC2 to 214
Updated by Marek Hulán about 7 years ago
- Status changed from New to Closed
It seems like all related issues have been closed, closing this one.