Project

General

Profile

Tracker #17954

Unify roles and permissions across plugins

Added by Ondřej Pražák over 2 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Category:
-
Target version:
-
% Done:

0%

Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Each plugin handles permissions and roles differently: some create just permissions and no roles, some create plugin-specific roles. This tracker should monitor the progress of making roles uniform across all plugins.

Expected outcome:
- each plugin has plugin-specific Viewer and Manager roles (see openscap or rex). Additional plugin-specific roles are certainly possible if plugin needs them.
- plugin permissions are added to Manager and Viewer roles provided by core.


Related issues

Related to Discovery - Bug #19944: Upgrade fails due to missing override column in filterClosed2017-06-06
Blocked by Foreman Remote Execution - Bug #17953: Add remote execution permissions to Viewer and Manager rolesClosed2017-01-06
Blocked by OpenSCAP - Bug #17952: Add foreman_openscap permissions to Viewer and Manager rolesClosed2017-01-06
Blocked by Ansible - Bug #17957: Add foreman_ansible permissions to Viewer and Manager rolesClosed2017-01-06
Blocked by Discovery - Bug #17959: Add foreman_discovery permissions to Manager and Viewer rolesClosed2017-01-06
Blocked by Docker - Bug #17960: Add foreman_docker permissions to Manager and View rolesClosed2017-01-06
Blocked by foreman-tasks - Bug #17961: Add foreman-tasks permissions to Manager and Viewer rolesClosed2017-01-06
Blocked by Katello - Bug #17962: Add Katello's permissions to Manager and and Viewer rolesClosed2017-01-06
Blocked by Boot disk - Bug #17963: Add foreman_bootdisk permissions to Manager roleClosed2017-01-06
Blocked by Foreman - Feature #18001: Allow plugins to easily add their permissions to core's Viewer and ManagerClosed2017-01-10
Blocked by Foreman - Feature #19039: Lock plugin rolesClosed2017-03-27

History

#1 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17953: Add remote execution permissions to Viewer and Manager roles added

#2 Updated by Ondřej Pražák over 2 years ago

  • Blocks Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added

#3 Updated by Ondřej Pražák over 2 years ago

  • Blocks deleted (Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles)

#4 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17952: Add foreman_openscap permissions to Viewer and Manager roles added

#5 Updated by Ondřej Pražák over 2 years ago

  • Bugzilla link set to 1304608

#6 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17957: Add foreman_ansible permissions to Viewer and Manager roles added

#7 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17959: Add foreman_discovery permissions to Manager and Viewer roles added

#8 Updated by Ondřej Pražák over 2 years ago

  • Blocks Bug #17960: Add foreman_docker permissions to Manager and View roles added

#9 Updated by Ondřej Pražák over 2 years ago

  • Blocks deleted (Bug #17960: Add foreman_docker permissions to Manager and View roles)

#10 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17960: Add foreman_docker permissions to Manager and View roles added

#11 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17961: Add foreman-tasks permissions to Manager and Viewer roles added

#12 Updated by Ondřej Pražák over 2 years ago

  • Blocks Bug #17962: Add Katello's permissions to Manager and and Viewer roles added

#13 Updated by Ondřej Pražák over 2 years ago

  • Blocks deleted (Bug #17962: Add Katello's permissions to Manager and and Viewer roles)

#14 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17962: Add Katello's permissions to Manager and and Viewer roles added

#15 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Bug #17963: Add foreman_bootdisk permissions to Manager role added

#16 Updated by Marek Hulán over 2 years ago

Ondřej, could we also prevent this happening in future? What if every permission defined by plugin would be automatically assigned to Manager role and if it matches view_.+ it would be also associated to Viewer? Plugins would only defined plugin_manager and plugin_viewer role. Any other suggestions are welcome.

#17 Updated by Ondřej Pražák over 2 years ago

  • Blocked by Feature #18001: Allow plugins to easily add their permissions to core's Viewer and Manager added

#18 Updated by Ondřej Pražák over 2 years ago

I do not think we can do this completely automatically and there may be cases when we do not want to. But I think #18001 is a reasonable solution.

#19 Updated by Marek Hulán over 2 years ago

  • Assignee set to Ondřej Pražák
  • Target version set to 1.11.2

#20 Updated by Marek Hulán over 2 years ago

  • Target version changed from 1.11.2 to 1.11.4

#21 Updated by Marek Hulán over 2 years ago

  • Target version changed from 1.11.4 to 1.12.1

#22 Updated by Marek Hulán over 2 years ago

  • Target version changed from 1.12.1 to 1.12.3

#23 Updated by Ondřej Pražák about 2 years ago

#24 Updated by Marek Hulán about 2 years ago

  • Target version changed from 1.12.3 to 1.13.0

#25 Updated by Marek Hulán about 2 years ago

  • Target version changed from 1.13.0 to 1.13.2

#26 Updated by Marek Hulán about 2 years ago

  • Target version changed from 1.13.2 to 1.13.4

#27 Updated by Lukas Zapletal about 2 years ago

In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352

I think the plugin API should do this automatically when roles are being registered (they should be locked).

#28 Updated by Lukas Zapletal about 2 years ago

  • Related to Bug #19944: Upgrade fails due to missing override column in filter added

#29 Updated by Marek Hulán about 2 years ago

Lukas Zapletal wrote:

In Discovery we are planning to lock and reset default discovery plugin roles in a seed script, this is likely a precedent. See discussion at https://github.com/theforeman/foreman_discovery/pull/352

I think the plugin API should do this automatically when roles are being registered (they should be locked).

I believe it's tracked by http://projects.theforeman.org/issues/19039, which is ready for testing

#30 Updated by Marek Hulán about 2 years ago

  • Target version changed from 1.13.4 to 1.14.0

#31 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.14.0 to 1.14.3

#32 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.14.3 to 1.17.0-RC2

#33 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.17.0-RC2 to 1.18.0-RC2

#34 Updated by Marek Hulán almost 2 years ago

  • Target version changed from 1.18.0-RC2 to 214

#35 Updated by Marek Hulán almost 2 years ago

  • Status changed from New to Closed

It seems like all related issues have been closed, closing this one.

Also available in: Atom PDF