Plugins » Katello

With auto create functionality importing things into a content view requires multiple high level permissions currently including product create/update, repo create/update, cv create/update along with import_content_views. Handling this wide array of permissions adds complexity to the code

Proposal:
Change permissions needed to export and import content

• To import you need organization 'import_content'
• To export you need organization 'export_content'

Both are at org level so its amply clear to the user that its going to be creating stuff in the library that they have no control over.

Steps to address this proposal:

• Rename organization import_library_content to import_content
• Rename organization export_library_content to export_content
• Tweak the permissions at https://github.com/Katello/katello/blob/master/lib/katello/permission_creator.rb#L411 to include routes for 'version'
• Remove the export_content_views permission from https://github.com/Katello/katello/blob/master/lib/katello/permission_creator.rb#L146 and move its end points to the org perms.
• Create a migration to remove export_content_views permission from the database. Similar to
  https://github.com/Katello/katello/blob/master/db/migrate/20201012172713_remove_gpg_key_perms.rb

• Scour through content_exports_controllers and content_import_controllers for permissions that need to be tweaked.

• Add a 'Content Importer' role that only include organization 'import_content' permission
• Add a 'Content Exporter' role that only include organization 'export_content' permission