Project

General

Profile

Actions

Tracker #17954

closed

Unify roles and permissions across plugins

Added by Ondřej Pražák over 7 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
-
% Done:

0%

Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Each plugin handles permissions and roles differently: some create just permissions and no roles, some create plugin-specific roles. This tracker should monitor the progress of making roles uniform across all plugins.

Expected outcome:
- each plugin has plugin-specific Viewer and Manager roles (see openscap or rex). Additional plugin-specific roles are certainly possible if plugin needs them.
- plugin permissions are added to Manager and Viewer roles provided by core.


Related issues 11 (0 open11 closed)

Related to Discovery - Bug #19944: Upgrade fails due to missing override column in filterClosedEric Helms06/06/2017Actions
Blocked by Foreman Remote Execution - Bug #17953: Add remote execution permissions to Viewer and Manager rolesClosedMarek Hulán01/06/2017Actions
Blocked by OpenSCAP - Bug #17952: Add foreman_openscap permissions to Viewer and Manager rolesClosedMarek Hulán01/06/2017Actions
Blocked by Ansible - Bug #17957: Add foreman_ansible permissions to Viewer and Manager rolesClosedMarek Hulán01/06/2017Actions
Blocked by Discovery - Bug #17959: Add foreman_discovery permissions to Manager and Viewer rolesClosedMarek Hulán01/06/2017Actions
Blocked by Docker - Bug #17960: Add foreman_docker permissions to Manager and View rolesClosedMarek Hulán01/06/2017Actions
Blocked by foreman-tasks - Bug #17961: Add foreman-tasks permissions to Manager and Viewer rolesClosedMarek Hulán01/06/2017Actions
Blocked by Katello - Bug #17962: Add Katello's permissions to Manager and and Viewer rolesClosedMarek Hulán01/06/2017Actions
Blocked by Boot disk - Bug #17963: Add foreman_bootdisk permissions to Manager roleClosedMarek Hulán01/06/2017Actions
Blocked by Foreman - Feature #18001: Allow plugins to easily add their permissions to core's Viewer and ManagerClosedOndřej Pražák01/10/2017Actions
Blocked by Foreman - Feature #19039: Lock plugin rolesClosedOndřej Pražák03/27/2017Actions
Actions #1

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17953: Add remote execution permissions to Viewer and Manager roles added
Actions #2

Updated by Ondřej Pražák over 7 years ago

  • Blocks Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added
Actions #3

Updated by Ondřej Pražák over 7 years ago

  • Blocks deleted (Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles)
Actions #4

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added
Actions #5

Updated by Ondřej Pražák over 7 years ago

  • Bugzilla link set to 1304608
Actions #6

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17957: Add foreman_ansible permissions to Viewer and Manager roles added
Actions #7

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17959: Add foreman_discovery permissions to Manager and Viewer roles added
Actions #8

Updated by Ondřej Pražák over 7 years ago

  • Blocks Bug #17960: Add foreman_docker permissions to Manager and View roles added
Actions #9

Updated by Ondřej Pražák over 7 years ago

  • Blocks deleted (Bug #17960: Add foreman_docker permissions to Manager and View roles)
Actions #10

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17960: Add foreman_docker permissions to Manager and View roles added
Actions #11

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17961: Add foreman-tasks permissions to Manager and Viewer roles added
Actions #12

Updated by Ondřej Pražák over 7 years ago

  • Blocks Bug #17962: Add Katello's permissions to Manager and and Viewer roles added
Actions #13

Updated by Ondřej Pražák over 7 years ago

  • Blocks deleted (Bug #17962: Add Katello's permissions to Manager and and Viewer roles)
Actions #14

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17962: Add Katello's permissions to Manager and and Viewer roles added
Actions #15

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Bug #17963: Add foreman_bootdisk permissions to Manager role added
Actions #16

Updated by Marek Hulán over 7 years ago

Ondřej, could we also prevent this happening in future? What if every permission defined by plugin would be automatically assigned to Manager role and if it matches view_.+ it would be also associated to Viewer? Plugins would only defined plugin_manager and plugin_viewer role. Any other suggestions are welcome.

Actions #17

Updated by Ondřej Pražák over 7 years ago

  • Blocked by Feature #18001: Allow plugins to easily add their permissions to core's Viewer and Manager added
Actions #18

Updated by Ondřej Pražák over 7 years ago

I do not think we can do this completely automatically and there may be cases when we do not want to. But I think #18001 is a reasonable solution.

Actions #19

Updated by Marek Hulán over 7 years ago

  • Assignee set to Ondřej Pražák
  • Target version set to 1.11.2
Actions #20

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.11.2 to 1.11.4
Actions #21

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.11.4 to 1.12.1
Actions #22

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.12.1 to 1.12.3
Actions #23

Updated by Ondřej Pražák over 7 years ago

Actions #24

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.12.3 to 1.13.0
Actions #25

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.13.0 to 1.13.2
Actions #26

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.13.2 to 1.13.4
Actions #27

Updated by Lukas Zapletal over 7 years ago

In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352

I think the plugin API should do this automatically when roles are being registered (they should be locked).

Actions #28

Updated by Lukas Zapletal over 7 years ago

  • Related to Bug #19944: Upgrade fails due to missing override column in filter added
Actions #29

Updated by Marek Hulán over 7 years ago

Lukas Zapletal wrote:

In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352

I think the plugin API should do this automatically when roles are being registered (they should be locked).

I believe it's tracked by http://projects.theforeman.org/issues/19039, which is ready for testing

Actions #30

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.13.4 to 1.14.0
Actions #31

Updated by Marek Hulán over 7 years ago

  • Target version changed from 1.14.0 to 1.14.3
Actions #32

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.14.3 to 1.17.0-RC2
Actions #33

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.17.0-RC2 to 1.18.0-RC2
Actions #34

Updated by Marek Hulán about 7 years ago

  • Target version changed from 1.18.0-RC2 to 214
Actions #35

Updated by Marek Hulán about 7 years ago

  • Status changed from New to Closed

It seems like all related issues have been closed, closing this one.

Actions

Also available in: Atom PDF