Project

General

Profile

Feature #366

Provide a basic authorization infrastructure

Added by Paul Kelly about 11 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Foreman know you are but does not use this information to grant or disallow access to any functionality.

The Redmine authorization infrastructure is a good starting point for this feature. A port of this code should be performed and the links/actions should be modified in the rest of the application to refer to a set of roles.

366.patch 366.patch 244 KB Ohad Levy, 11/05/2010 06:17 PM

Related issues

Has duplicate Foreman - Feature #401: authorisationDuplicate2010-10-05
Blocks Foreman - Feature #139: per host authorization for making changes.Closed2009-12-18

Associated revisions

Revision 9fd7478e (diff)
Added by Paul Kelly almost 11 years ago

Fixes #366 - Redmine authorization port

This is a major feature which provides RBAC authorization within Foreman
a mental note to myself - never ever work on large commits

Revision 1efdb38a (diff)
Added by Ohad Levy almost 11 years ago

wrong link to domain edit page, refs #366

Revision 6b728c1d (diff)
Added by Ohad Levy almost 11 years ago

Fixes broken links - refs #366

Revision 23e59327 (diff)
Added by Ohad Levy almost 11 years ago

Ensures that all anonymous actions are allowed - refs #366

History

#1 Updated by Paul Kelly about 11 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Paul Kelly
  • Branch set to feature/366-redmine-authorization-port-collapsed

The submitted code is a simple port of the redmine authorization module. It includes the modifications to Foreman to use its functionality but it is not yet a full patch. I believe that this needs some reviewing and some thought about use cases but is basically 95% there.

Note the branch name ends in -collapsed

#2 Updated by Paul Kelly about 11 years ago

Added a whole bunch of tests.

#3 Updated by Paul Kelly about 11 years ago

Extensively updated after discussion with Ohad.
Tested
new branch pushed

#4 Updated by Ohad Levy about 11 years ago

Paul Kelly wrote:

Extensively updated after discussion with Ohad.
Tested
new branch pushed

my tests are failing - not sure why:

(in /home/olevy/git/foreman)
/usr/bin/ruby -I"lib:test" "/usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb" "test/unit/domain_parameter_test.rb" "test/unit/user_fact_test.rb" "test/unit/operatingsystem_test.rb" "test/unit/environment_test.rb" "test/unit/puppetclass_test.rb" "test/unit/usergroup_test.rb" "test/unit/media_test.rb" "test/unit/lookup_key_test.rb" "test/unit/common_parameter_test.rb" "test/unit/report_observer_test.rb" "test/unit/architecture_test.rb" "test/unit/auth_source_test.rb" "test/unit/domain_test.rb" "test/unit/ptable_test.rb" "test/unit/helpers/parameters_helper_test.rb" "test/unit/helpers/statistics_helper_test.rb" "test/unit/helpers/auth_sources_helper_test.rb" "test/unit/helpers/host_groups_helper_test.rb" "test/unit/helpers/puppetclasses_helper_test.rb" "test/unit/helpers/environments_helper_test.rb" "test/unit/helpers/usergroups_helper_test.rb" "test/unit/helpers/dashboard_helper_test.rb" "test/unit/helpers/users_helper_test.rb" "test/unit/helpers/lookup_keys_helper_test.rb" "test/unit/helpers/fact_values_helper_test.rb" "test/unit/helpers/domain_helper_test.rb" "test/unit/helpers/ptables_helper_test.rb" "test/unit/helpers/media_helper_test.rb" "test/unit/helpers/operatingsystem_helper_test.rb" "test/unit/helpers/audit_helper_test.rb" "test/unit/helpers/reports_helper_test.rb" "test/unit/helpers/model_helper_test.rb" "test/unit/helpers/architecture_helper_test.rb" "test/unit/helpers/unattended_helper_test.rb" "test/unit/helpers/home_helper_test.rb" "test/unit/helpers/hosts_helper_test.rb" "test/unit/role_test.rb" "test/unit/subnet_test.rb" "test/unit/parameter_test.rb" "test/unit/report_test.rb" "test/unit/user_test.rb" "test/unit/auth_source_ldap_test.rb" "test/unit/host_parameter_test.rb" "test/unit/host_observer_test.rb" "test/unit/host_mailer_test.rb" "test/unit/group_parameter_test.rb" "test/unit/hostgroup_test.rb" "test/unit/fact_value_test.rb" "test/unit/host_test.rb" "test/unit/model_test.rb" 
/home/olevy/git/foreman/config/../vendor/rails/railties/lib/rails/gem_dependency.rb:119:Warning: Gem::Dependency#version_requirements is deprecated and will be removed on or after August 2010.  Use #requirement
/home/olevy/git/foreman/app/helpers/common_parameters_helper.rb:7: warning: parenthesize argument(s) for future version
./test/unit/role_test.rb:23: warning: parenthesize argument(s) for future version
./test/unit/role_test.rb:26: warning: parenthesize argument(s) for future version
./test/unit/role_test.rb:27: warning: parenthesize argument(s) for future version
./test/unit/role_test.rb:23: undefined method `have_many' for RoleTest:Class (NoMethodError)
    from /home/olevy/git/foreman/vendor/rails/activesupport/lib/active_support/dependencies.rb:147:in `load_without_new_constant_marking'
    from /home/olevy/git/foreman/vendor/rails/activesupport/lib/active_support/dependencies.rb:147:in `load'
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4:in `each'
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4
/usr/bin/ruby -I"lib:test" "/usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb" "test/functional/ptables_controller_test.rb" "test/functional/operatingsystems_controller_test.rb" "test/functional/dashboard_controller_test.rb" "test/functional/hosts_controller_test.rb" "test/functional/audits_controller_test.rb" "test/functional/home_controller_test.rb" "test/functional/fact_values_controller_test.rb" "test/functional/medias_controller_test.rb" "test/functional/auth_source_ldaps_controller_test.rb" "test/functional/statistics_controller_test.rb" "test/functional/common_parameters_controller_test.rb" "test/functional/domains_controller_test.rb" "test/functional/unattended_controller_test.rb" "test/functional/usergroups_controller_test.rb" "test/functional/puppetclasses_controller_test.rb" "test/functional/roles_controller_test.rb" "test/functional/lookup_keys_controller_test.rb" "test/functional/architectures_controller_test.rb" "test/functional/reports_controller_test.rb" "test/functional/environments_controller_test.rb" "test/functional/hostgroups_controller_test.rb" "test/functional/users_controller_test.rb" "test/functional/models_controller_test.rb" 
/home/olevy/git/foreman/config/../vendor/rails/railties/lib/rails/gem_dependency.rb:119:Warning: Gem::Dependency#version_requirements is deprecated and will be removed on or after August 2010.  Use #requirement
/home/olevy/git/foreman/app/helpers/common_parameters_helper.rb:7: warning: parenthesize argument(s) for future version
./test/functional/ptables_controller_test.rb:56: undefined method `context' for PtablesControllerTest:Class (NoMethodError)
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4:in `load'
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4:in `each'
    from /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb:4
/usr/bin/ruby -I"lib:test" "/usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake/rake_test_loader.rb"  
Errors running test:units and test:functionals!

#5 Updated by Paul Kelly about 11 years ago

Rewrote the login code, (again.)
Added some tests for the login code. Maybe I need more?
rebased
and tested
Still need ideas on sensible default roles

#6 Updated by Ohad Levy about 11 years ago

  • Target version set to 0.1-6

#7 Updated by Paul Kelly about 11 years ago

Tested and incorporating some fixes highlighted by Ohad. The fixes are added as an additional commit so that you can review them more easily. If you are happy I will rebase into one commit. Unfortunately you will have to do a rebase otherwise I will be rewrinting the history if I do a pull --rebase and then a push.

#8 Updated by Paul Kelly almost 11 years ago

Fixed issue with the fact importer.
This is a nasty fix but I would rather do this then try to understand puppet internals
Again this is a separate commit for ease of review
There are many errors in the test.log and I am unclear as to which are supposed to be there.

#9 Updated by Paul Kelly almost 11 years ago

Fixed another minor issue with the fixtures
I now think that there are no problems with errors in the test.log. Except for the audits fixtures but I guess that this is due to there being no audits model in the app tree

#10 Updated by Paul Kelly almost 11 years ago

Updated the user edit page to not automatically show the filters section unless the user is using filtering
Added an explicit filter_on_owner flag to the user object.
Did not refactor the Authorization code as this is already in an external module that is included into all models.
Updated the tests and ensured they passed

#11 Updated by Paul Kelly almost 11 years ago

Rebased and tested again

#12 Updated by Paul Kelly almost 11 years ago

  • Subject changed from Provide a basic authorization infreastructure to Provide a basic authorization infrastructure

#13 Updated by Ohad Levy almost 11 years ago

  • File patch added

here is a patch against develop, for anyone who wishes to give a hand in testing this huge feature

#14 Updated by Ohad Levy almost 11 years ago

#15 Updated by Ohad Levy almost 11 years ago

  • File deleted (patch)

#16 Updated by Paul Kelly almost 11 years ago

  • % Done changed from 0 to 100

#17 Updated by Ohad Levy almost 11 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF