Project

General

Profile

Bug #34329

Allow specific permissions to be excluded from being added to default roles

Added by Adam Ruzicka 10 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Plugin integration
Target version:
-
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

If I understood the permission related helpers in app/registries/plugin.rb we have a couple options:

1) add_permissions_to_default_roles - Here I'd need to list ALL the permissions except the one I don't want included. Also one needs to separate the different permissions for viewer/manager by hand. Apart from it being ugly, I couldn't manage to get it working at all. All attempts failed with

foreman/app/models/role.rb:336:in `permission_records': ERF73-0602 [Foreman::PermissionMissingException]: »some permissions were not found: []« (Foreman::PermissionMissingException)

2) add_resource_permissions_to_default_roles - Here I'd need to list all the resources and according to the comment above the method I should be able to pass an array of permissions to be excluded. Sounds good, doesn't work. Interestingly enough, all attempts failed with the same error as option 1.

Here I propose to add a keyword argument "except" to add_all_permissions_to_default_roles, which would prevent listed permissions from being added to the default roles. It is more inline with the idea of "add all permissions except for the selected few" rather than "to exclude this permission, I need to explicitly state all that should be included"


Related issues

Related to Foreman Remote Execution - Bug #34324: Manager role does contain the execute_jobs_on_infrastructure_hosts permissionClosed

Associated revisions

Revision ef2ff068 (diff)
Added by Adam Ruzicka 10 months ago

Fixes #34329 - Allow permissions to be excluded from default roles

History

#1 Updated by Adam Ruzicka 10 months ago

  • Related to Bug #34324: Manager role does contain the execute_jobs_on_infrastructure_hosts permission added

#2 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9064 added

#3 Updated by The Foreman Bot 10 months ago

  • Fixed in Releases 3.2.0 added

#4 Updated by Adam Ruzicka 10 months ago

  • Status changed from Ready For Testing to Closed

#5 Updated by The Foreman Bot 10 months ago

  • Pull request https://github.com/theforeman/foreman/pull/9072 added

#6 Updated by The Foreman Bot 10 months ago

  • Fixed in Releases 3.1.2 added

#7 Updated by Leos Stejskal 5 months ago

  • Bugzilla link set to 2105915

Also available in: Atom PDF