Mailinglist Archive: yast-devel (95 mails)

[josef reidinger <jreidinger@xxxxxxx>]

Stefan Schubert napsal(a):
> Hi,
> that is a good point which I should document in Wiki:
>
> -In order not loosing the overview about the rights use granulating only
> if it is useful for the user/admin.
> -WebYaST rights and YaST-DBUS rights has to be identically in order
> keeping the overview.
> -Use rights for special values/tasks only if we can provide this single
> information
> in one request only. e.g. GET <machine>language/second_language.xml
> - If the YaST-DBUS interface supports this granulation  and WebYaST does
> not
> we will have to "summarize" rights.
>
> For example the language module has only one GET/PUT request:
>
> GET <machine>/language.xml
>
> This returns the *complete* language information like
> current
> utf8
> rootlocale
> ...
> ..
> .

This is not true for language-0.0.2, where is there only one GET/PUT,
but it respect rights. So if you have rights only to read rootlocale,
then you see in webclient only this one element. Same in put, where you
can set only things on which you has permissions (so is valid send PUT
with only rootlocale setted (I think that I forget in webclient
implement disabling)). So you have only one form but object in that form
is variable and depend on permission and same what element you have enabled.
And get/set subtree is good idea, as it allow better structuring and
also give pressure to use same standards for dbus calls (only getter and
setters) which is ideal stateless interface. Also it force close setters
which doesn't depend on any other call from interface.
JFYI due to bug https://bugzilla.novell.com/show_bug.cgi?id=512569 is
not possible to send more complex structures in dbus, even it is
supported by dbus (like list of map), so some getter require some string
serializing.
Josef

> So it makes no sense for the admin who has to set the concerning rights
> setting
> each single language right for each user. He only wants to set that the
> user has
> read or write access.
>
> We can solve this by using structured name:
>
> org.opensuse.yast.modules.yapi.language.getlanguages
> org.opensuse.yast.modules.yapi.language.getcurrentlanguage
> org.opensuse.yast.modules.yapi.language.isutf8
> org.opensuse.yast.modules.yapi.language.getrootlang
> org.opensuse.yast.modules.yapi.language.setcurrentlanguage
> org.opensuse.yast.modules.yapi.language.setutf8
> org.opensuse.yast.modules.yapi.language.setrootlang
>
> Should become:
>
> org.opensuse.yast.modules.yapi.language.get-languages
> org.opensuse.yast.modules.yapi.language.get-currentlanguage
> org.opensuse.yast.modules.yapi.language.get-utf8
> org.opensuse.yast.modules.yapi.language.get-rootlang
> org.opensuse.yast.modules.yapi.language.set-currentlanguage
> org.opensuse.yast.modules.yapi.language.set-utf8
> org.opensuse.yast.modules.yapi.language.set-rootlang
>
> So we are able to generate a tree structure of the rights like
> get
> -languages
> -currentlanguage
> -utf8
> -rootlang
> set
> -currentlanguage
> -utf8
> -rootlang
>
> Which can be shown in the UI and the admin has to select the root branch
> "get" or "set" only in order to change the permission for all "child"
> rights.
> This will be handled by the permission rest-service of WebYaST.
>
> Any other thoughts or possibilities ?
>
> Greetings
> Stefan
>
> Josef Reidinger schrieb:
> > During developing my webyast modules I find, that using dbus and my YaPI
> > quite increase amount of webyast policykit permissions. Is there any
> > policy how detailed should be that permissions? E.g. if I have language
> > module and for each expected features (language, utf8 and root locale)
> > has getter and setter and getter for language list in YaPI it is 7
> > permissions in policy-kit. So I can change it to one read/write YaPI (
> > only 2 permissions) call or let it for each configuration option.
> > josef
> >   

-- 
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx