Mailinglist Archive: yast-devel (95 mails)
| < Previous | Next > |
Re: [yast-devel] Permission granularity for webyast modules
- From: josef reidinger <jreidinger@xxxxxxx>
- Date: Mon, 15 Jun 2009 13:19:36 +0200
- Message-id: <4A362E48.9060007@xxxxxxx>
Martin Vidner napsal(a):
What about use two tool over permissions? So we provide via dbus atomic
permission to change one enclosed atribute and then have in webyast
client for changing permission which provide agregate permissions and
can change set of atomic permissions like Change http server which
ensure that all atomic permission needed for http server is provided (of
course provide info what atomic permission it is). I think that for
admins is more important what exactly can user change (single values)
then high level abstraction permission which can change more then admin
want.
Josef
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
On Mon, Jun 15, 2009 at 12:10:12PM +0200, Stefan Schubert wrote:
So it makes no sense for the admin who has to set the concerning rights
setting
each single language right for each user. He only wants to set that the
user has
read or write access.
We can solve this by using structured name:
org.opensuse.yast.modules.yapi.language.getlanguages
org.opensuse.yast.modules.yapi.language.getcurrentlanguage
Should become:
org.opensuse.yast.modules.yapi.language.get-languages
org.opensuse.yast.modules.yapi.language.get-currentlanguage
So we are able to generate a tree structure of the rights like
get
-languages
-currentlanguage
Which can be shown in the UI and the admin has to select the root branch
"get" or "set" only in order to change the permission for all "child"
rights.
This will be handled by the permission rest-service of WebYaST.
So you're introducing a regrouping of the action ID, by dashes
instead of by dots.
I actually thought that it was a bug, so I fixed it in the
webclient:
http://git.opensuse.org/?p=projects/yast/web-client.git;a=commitdiff;h=c9af40d0e85881bbc7be1459e3813d4f8d6e4fe1
I think that it is a futile attempt to overcome the initial problem
of having too many permissions to deal with.
How about removing them instead? That means not having the complete
"API" of YaST accessible via DBus, but it is not a real API anyway.
Instead, we should build the API to fit the permissions.
What about use two tool over permissions? So we provide via dbus atomic
permission to change one enclosed atribute and then have in webyast
client for changing permission which provide agregate permissions and
can change set of atomic permissions like Change http server which
ensure that all atomic permission needed for http server is provided (of
course provide info what atomic permission it is). I think that for
admins is more important what exactly can user change (single values)
then high level abstraction permission which can change more then admin
want.
Josef
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx
| < Previous | Next > |