Hi, that is a good point which I should document in Wiki: -In order not loosing the overview about the rights use granulating only if it is useful for the user/admin. -WebYaST rights and YaST-DBUS rights has to be identically in order keeping the overview. -Use rights for special values/tasks only if we can provide this single information in one request only. e.g. GET <machine>language/second_language.xml - If the YaST-DBUS interface supports this granulation and WebYaST does not we will have to "summarize" rights. For example the language module has only one GET/PUT request: GET <machine>/language.xml This returns the *complete* language information like current utf8 rootlocale ... .. . So it makes no sense for the admin who has to set the concerning rights setting each single language right for each user. He only wants to set that the user has read or write access. We can solve this by using structured name: org.opensuse.yast.modules.yapi.language.getlanguages org.opensuse.yast.modules.yapi.language.getcurrentlanguage org.opensuse.yast.modules.yapi.language.isutf8 org.opensuse.yast.modules.yapi.language.getrootlang org.opensuse.yast.modules.yapi.language.setcurrentlanguage org.opensuse.yast.modules.yapi.language.setutf8 org.opensuse.yast.modules.yapi.language.setrootlang Should become: org.opensuse.yast.modules.yapi.language.get-languages org.opensuse.yast.modules.yapi.language.get-currentlanguage org.opensuse.yast.modules.yapi.language.get-utf8 org.opensuse.yast.modules.yapi.language.get-rootlang org.opensuse.yast.modules.yapi.language.set-currentlanguage org.opensuse.yast.modules.yapi.language.set-utf8 org.opensuse.yast.modules.yapi.language.set-rootlang So we are able to generate a tree structure of the rights like get -languages -currentlanguage -utf8 -rootlang set -currentlanguage -utf8 -rootlang Which can be shown in the UI and the admin has to select the root branch "get" or "set" only in order to change the permission for all "child" rights. This will be handled by the permission rest-service of WebYaST. Any other thoughts or possibilities ? Greetings Stefan Josef Reidinger schrieb:
During developing my webyast modules I find, that using dbus and my YaPI quite increase amount of webyast policykit permissions. Is there any policy how detailed should be that permissions? E.g. if I have language module and for each expected features (language, utf8 and root locale) has getter and setter and getter for language list in YaPI it is 7 permissions in policy-kit. So I can change it to one read/write YaPI ( only 2 permissions) call or let it for each configuration option. josef
-- ******************************************************************************* Stefan Schubert SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany e-mail: schubi@suse.de ------------------------------------------------------------------------------- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org