Bug #32396: Permissions for import/export - Katello - Foreman

Bug #32396

Permissions for import/export

Added by Partha Aji over 1 year ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Roles and Permissions

Target version:

Katello 4.1.0

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/Katello/katello/pull/9354

Fixed in Releases:

Katello 4.2.0

Found in Releases:

Red Hat JIRA:

Description

With auto create functionality importing things into a content view requires multiple high level permissions currently including product create/update, repo create/update, cv create/update along with import_content_views. Handling this wide array of permissions adds complexity to the code

Proposal:
Change permissions needed to export and import content

To import you need organization 'import_content'
To export you need organization 'export_content'

Both are at org level so its amply clear to the user that its going to be creating stuff in the library that they have no control over.

Steps to address this proposal:

Rename organization import_library_content to import_content
Rename organization export_library_content to export_content
Tweak the permissions at https://github.com/Katello/katello/blob/master/lib/katello/permission_creator.rb#L411 to include routes for 'version'
Remove the export_content_views permission from https://github.com/Katello/katello/blob/master/lib/katello/permission_creator.rb#L146 and move its end points to the org perms.
Create a migration to remove export_content_views permission from the database. Similar to
https://github.com/Katello/katello/blob/master/db/migrate/20201012172713_remove_gpg_key_perms.rb

Scour through content_exports_controllers and content_import_controllers for permissions that need to be tweaked.

Add a 'Content Importer' role that only include organization 'import_content' permission
Add a 'Content Exporter' role that only include organization 'export_content' permission