Bug #5578
closed
Cant set permissions on specific resource types
Description
Foreman's permission system infers the aclable routing paths from the model/resource type name. For example in https://github.com/Katello/katello/blob/roles/app/policies/katello/permissions/sync_plan_permissions.rb#L9 for sync plan permissions, the route to be acl'ed when "view_sync_plans" permission is selected is determined from doing some magic and translating the resource type name Katello::SyncPlan => Katello.find(sync_plans_path). The issue occurs when model name does not exactly correspond to the paths. Take the example of some permission policy that looks like
permission :view_lifecycle_environments,
{
'katello/api/v2/environments' => [:index, :show]
},
:resource_type => 'Katello::KTEnvironment'
Now the Katello::KTEnvironment gets translated to -> Katello.find(kt_environments_path) .. Unfortunately such a path does not exist, since in Katello even though we have a model named as KTEnvironment, the routing and the controllers all point to "environments_path". Katello.find(environments_path)'
We need a way in the foreman permissions system to set this up.
Updated by Partha Aji over 10 years ago
- Blocks Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. added
Updated by Dominic Cleal over 10 years ago
- Category set to Users, Roles and Permissions
Updated by Anonymous over 10 years ago
- Status changed from New to Feedback
To solve this problem you'll need to do two things:
- have a way of extracting/mapping of resource/action pairs from/to Katello urls
- override Foreman::Controller::Authentication#authorized and use resource/action pair from the previous step to resolve authorization
Permission definitions can stay as in your example.
Updated by Anonymous over 10 years ago
- Is duplicate of Bug #5553: Filter create/edit breaks if the resource type does not have a corresponding controller with 'autocomplete_search' added