Feature #5537

Menu/authorization: need alternative to rails controller centric authorization

Added by Walden Raines about 4 years ago. Updated 8 days ago.

Status:Closed
Priority:Normal
Assignee:Dmitri Dolguikh
Category:Authorization
Target version:1.6.0
Difficulty: Team Backlog:
Triaged: Fixed in Releases:
Bugzilla link: Found in Releases:
Pull request:

Description

The methods authorized? and allowed_to should be less controller centric.

In bastion we only have one controller: https://github.com/Katello/katello/blob/master/engines/bastion/app/controllers/bastion/bastion_controller.rb. That controller simply renders html, js, and css which in turn powers the application.

We cannot show menu items based on permissions because the menu item authorization relies on there being a controller `entity` with an action `action`. We need some way to specify the entity and action without undue reliance on the existence of a rails controller.

One solution ehelms proposed was to "allow passing in a Proc to define a path or pass in 'url' if the user wants to".

References:

https://github.com/theforeman/foreman/blob/develop/app/services/menu/item.rb#L36
https://github.com/theforeman/foreman/blob/acfbc45886c4d81a2a3ca5af433a6124a0a7191a/app/models/role.rb#L79


Related issues

Blocks Katello - Feature #5217: As a user, I should have CRUD permissions for all entitie... Closed 04/16/2014
Blocks Katello - Feature #5593: Fix menu so authorized items are displayed post single pa... Closed 05/06/2014

Associated revisions

Revision 902c71ef
Added by Dmitri Dolguikh about 4 years ago

fixes #5537: it's possible to specify menu item url directly now

History

#1 Updated by Walden Raines about 4 years ago

  • Blocks Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. added

#2 Updated by Dmitri Dolguikh about 4 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Dmitri Dolguikh

#3 Updated by Dominic Cleal about 4 years ago

  • Target version set to 1.8.3

#4 Updated by Walden Raines about 4 years ago

  • Blocks Feature #5593: Fix menu so authorized items are displayed post single page app work added

#5 Updated by Dominic Cleal about 4 years ago

  • Legacy Backlogs Release (now unused) set to 10

#6 Updated by Anonymous about 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF