Plugins » Katello

Copying in the bulk of the notes from our earlier roles etherpading:

Permission Requirements

Minimum Requirements¶

As a user, I should be able to define a permission for CRUD on all Katello entities that are exposed to the user. (http://projects.theforeman.org/issues/5217)
As a user, I should be able to lock permissions by Organizations.
As a user, I should be able to lock permissions by Lifecycle Environment.
As a user, I should not see menu items for entities that I do not have access to.
As a user, I should not be able to access APIs I don't have permissions to.
As a user, I should have consistent permissions across Fortello.
As a user, I'd like not to see or have access to the legacy roles/permissions from Katello.
As a readonly user, I should not be able to edit any entity through the API or UI.

Nice to have Requirements¶

Hosts/Systems

As a user I should be able to define a permission to manage systems in system group A
As a user I should be able to define a permission to manage the association between system group A and all systems I can manage through my other permissions.
As a user I should be able to define a permission to manage All Systems in Environment C
As a user I should be able to define a permission to manage All Systems in Environment C within Content View X
As a user I should be able to define a permission to manage All Systems in Organization O
As a user I should be able to define a permission to restricts which Environments and Content Views a user can assign (or register) a System to.

Content Views & Lifecycle Environments:

As a user I should be able to define a permission to publish a new version of Content View X
As a user I should be able to define a permission to promote Content View X to Environment Y

Open Questions¶

• CRUD BY Org (sounded like Yes) * If we address permissions in the API, will the CLI just work?
• Question for CLI guys to see how Foreman side currently works against their permissions * Can we do the implementation entity by entity or page by page?

Example - https://github.com/Katello/katello/pull/3789/files

Issues¶

http://projects.theforeman.org/issues/5217

Action Items¶

Create Role-rework branch (ehelms) https://github.com/Katello/katello/tree/roles
Create permissions.rb file and include it from the plugin.rb file (ehelms)
Remove Legacy Katello roles UI
Dig into mechanics of new permissions as they relate to controllers (partha)
For a given entity:
Define the CRUD permission set for entity
Define the set of scoped search fields used when filtering
Re-factor guts of the entity Authorization module, remove where it no longer makes sense
Remove rules from the controller (handled by permission definitions/routes combinations)
Fix tests
Test the UI
Test the API
Test that the Menu item hides properly

Pages¶

Content Dashboard
Lifecycle Environment management (partha)
Activation Keys
Manage Subscriptions
RedHat Repo enable/disable
Products & Repository (ehelms)
GPG Keys (ehelms) - https://github.com/Katello/katello/pull/3985
Sync Status
Sync Plan (walden)
Content Views
Content Search
System/Content Hosts
System Groups (Host Collections)
Content About
Content Notices