Feature #5217
closedAs a user, I should have CRUD permissions for all entities that are exposed to me.
Added by Eric Helms over 10 years ago. Updated over 6 years ago.
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5230: As a user, I should be able to assign CRUD permissions for GPG Keys. added
Updated by Walden Raines over 10 years ago
- Related to Feature #5260: As a user, I should be able to assign CRUD permissions for Sync Plans added
Updated by Eric Helms over 10 years ago
Copying in the bulk of the notes from our earlier roles etherpading:
Permission Requirements
Minimum Requirements¶
As a user, I should be able to define a permission for CRUD on all Katello entities that are exposed to the user. (http://projects.theforeman.org/issues/5217)
As a user, I should be able to lock permissions by Organizations.
As a user, I should be able to lock permissions by Lifecycle Environment.
As a user, I should not see menu items for entities that I do not have access to.
As a user, I should not be able to access APIs I don't have permissions to.
As a user, I should have consistent permissions across Fortello.
As a user, I'd like not to see or have access to the legacy roles/permissions from Katello.
As a readonly user, I should not be able to edit any entity through the API or UI.
Nice to have Requirements¶
Hosts/Systems
As a user I should be able to define a permission to manage systems in system group A
As a user I should be able to define a permission to manage the association between system group A and all systems I can manage through my other permissions.
As a user I should be able to define a permission to manage All Systems in Environment C
As a user I should be able to define a permission to manage All Systems in Environment C within Content View X
As a user I should be able to define a permission to manage All Systems in Organization O
As a user I should be able to define a permission to restricts which Environments and Content Views a user can assign (or register) a System to.
Content Views & Lifecycle Environments:
As a user I should be able to define a permission to publish a new version of Content View X
As a user I should be able to define a permission to promote Content View X to Environment Y
Open Questions¶
- CRUD BY Org (sounded like Yes) * If we address permissions in the API, will the CLI just work?
- Question for CLI guys to see how Foreman side currently works against their permissions * Can we do the implementation entity by entity or page by page?
Example - https://github.com/Katello/katello/pull/3789/files
Issues¶
http://projects.theforeman.org/issues/5217
Action Items¶
Create Role-rework branch (ehelms) https://github.com/Katello/katello/tree/roles
Create permissions.rb file and include it from the plugin.rb file (ehelms)
Remove Legacy Katello roles UI
Dig into mechanics of new permissions as they relate to controllers (partha)
For a given entity:
Define the CRUD permission set for entity
Define the set of scoped search fields used when filtering
Re-factor guts of the entity Authorization module, remove where it no longer makes sense
Remove rules from the controller (handled by permission definitions/routes combinations)
Fix tests
Test the UI
Test the API
Test that the Menu item hides properly
Pages¶
Content Dashboard
Lifecycle Environment management (partha)Activation Keys
Manage Subscriptions
RedHat Repo enable/disableProducts & Repository (ehelms)GPG Keys (ehelms) - https://github.com/Katello/katello/pull/3985
Sync StatusSync Plan (walden)
Content Views
Content Search
System/Content Hosts
System Groups (Host Collections)
Content About
Content Notices
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5261: As a user, I should be able to assign CRUD permissions for Products and Repositories. added
Updated by Walden Raines over 10 years ago
- Related to Feature #5416: As a user, I should be able to assign CRUD permissions for Activation keys added
Updated by Walden Raines over 10 years ago
- Related to Feature #5434: As a user, I should be able to assign CRUD permissions for Content Views added
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5521: As a user, I should be able to assign CRUD permissions to subscriptions. added
Updated by Eric Helms over 10 years ago
- Related to Bug #5529: As a user, I should only see widgets on the content dashboard that I have access to. added
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5531: As a user, I should be able to assign relevant permissions for Sync actions. added
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5530: As a user, I should be able to assign CRUD permissions for Lifecycle Environments. added
Updated by Eric Helms over 10 years ago
- Related to Feature #5532: As a user, I should only see entities I have access to within Content Search. added
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5533: As a user, I should be able to assign CRUD permissions for Content Hosts. added
Updated by Eric Helms over 10 years ago
- Blocked by Feature #5535: As a user, I should be able to assign CRUD permissions for System Groups. added
Updated by Walden Raines over 10 years ago
- Blocked by Feature #5537: Menu/authorization: need alternative to rails controller centric authorization added
Updated by Walden Raines over 10 years ago
- Blocked by Bug #5543: Content Search: autocomplete is not working for content views and repositories added
Updated by Walden Raines over 10 years ago
- Related to Feature #5562: As a user, I should be able to assign permissions for Foreman tasks added
Updated by Walden Raines over 10 years ago
- Blocked by Bug #4450: Tasks API is not authorized added
Updated by Partha Aji over 10 years ago
- Blocked by Bug #5578: Cant set permissions on specific resource types added
Updated by Walden Raines over 10 years ago
- Related to Feature #5591: Red Hat Repositories: authorization added
Updated by Walden Raines over 10 years ago
- Related to Feature #5593: Fix menu so authorized items are displayed post single page app work added
Updated by Walden Raines over 10 years ago
- Related to Feature #5627: Api V2 Tasks controller: CRUD authorization added
Updated by Walden Raines over 10 years ago
- Related to Refactor #5628: Remove converted v1 API controllers and tests added
Updated by Walden Raines over 10 years ago
- Related to Feature #5635: Bastion: add translated 403 message to displayed error messages on form submit added
Updated by Partha Aji over 10 years ago
- Related to Bug #5682: view lifecycle environments permisisons need to be handled better added
Updated by Partha Aji over 10 years ago
- Blocked by Bug #5702: (Roles Branch) v2 Content Views Controller index call ignoring environment id added
Updated by Walden Raines over 10 years ago
- Related to Bug #5720: Roles: Add scopes to finds in converted controllers added
Updated by Walden Raines over 10 years ago
- Blocked by Bug #5843: Remove v1 API routes added
Updated by Walden Raines over 10 years ago
- Related to deleted (Refactor #5628: Remove converted v1 API controllers and tests)
Updated by Walden Raines over 10 years ago
- Related to Feature #4351: Global user permissions need to be delivered to angular pages added
Updated by Walden Raines over 10 years ago
- Related to Feature #5503: Available UI interactions should reflect a user's permissions added
Updated by Walden Raines over 10 years ago
- Related to Feature #6040: Add Katello view permissions to foreman "Viewer" role added
Updated by Walden Raines over 10 years ago
- Blocked by deleted (Bug #5543: Content Search: autocomplete is not working for content views and repositories)
Updated by Walden Raines over 10 years ago
- Related to Feature #6321: Bastion pages should enforce permissions when entering the page added
Updated by Eric Helms over 10 years ago
- Translation missing: en.field_release set to 13
Updated by Eric Helms over 10 years ago
- Blocked by deleted (Bug #4450: Tasks API is not authorized)
Updated by Eric Helms over 10 years ago
- Related to deleted (Bug #5720: Roles: Add scopes to finds in converted controllers)