[yast-devel] Webyast - Roles management
Hi,

I finished the first working proof of concept of roles management. Please try it and write what you think about it. You can test it directly from git, as it is still under heavy development. Just run rake deploy_local (for webservice-base and webservice-roles).

Description: each role contains permissions and users. The permissions say which permissions a user involved in the role has. Permissions are unioned, so if you have role RBA which has time.read and role RB which has time.write, then a user who is involved in both roles has rights to time.read and time.write.

Known issues:
- The user interface is still far from my idea. It should be an accordion which opens a role with two tabs for assigning users and permissions.
- You can commit suicide if you remove the assigned user who runs webyast to roles which don't have permission.write.
- A user is only one which is known to the Users module.

Feel free to write your opinions, ideas and complaints (and of course bug reports, as it is really just a non-stable preview).

Josef
--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, parts of webyast
--
To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org
For additional commands, e-mail: yast-devel+help@opensuse.org
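The union rule and the self-lockout issue from the message above, as an added Ruby example (not WebYaST code). The role table layout, the user names, the "admins" role and the guard itself are assumptions; the guard is one reading of the lockout issue, with the protected permission passed as a parameter.

```ruby
require 'set'

# Constructed sample data: role names RBA and RB and the time.* permissions
# come from the message; user names and the "admins" role are made up.
ROLES = {
  'RBA'    => { users: %w[alice bob], permissions: %w[time.read] },
  'RB'     => { users: %w[alice],     permissions: %w[time.write] },
  'admins' => { users: %w[alice],     permissions: %w[permission.write] }
}.freeze

# Effective permissions of a user: union over every role the user is in.
def effective_permissions(roles, user)
  roles.each_value
       .select { |role| role[:users].include?(user) }
       .flat_map { |role| role[:permissions] }
       .to_set
end

# Return a copy of the role table with `user` removed from `role_name`.
# The input table is not modified.
def unassign(roles, role_name, user)
  roles.to_h do |name, role|
    users = name == role_name ? role[:users] - [user] : role[:users]
    [name, { users: users, permissions: role[:permissions] }]
  end
end

class LockoutError < StandardError; end

# Hypothetical guard: compute the table after the change and refuse it
# when the acting user would no longer hold the `required` permission.
def safe_unassign(roles, role_name, user, acting_user:, required: 'permission.write')
  updated = unassign(roles, role_name, user)
  unless effective_permissions(updated, acting_user).include?(required)
    raise LockoutError, "#{acting_user} would lose #{required}"
  end
  updated
end
```

Checking the table as it would be after the change, rather than the role being edited, matters because of the union rule: the permission may still be granted through another role.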
On Tue, May 25, 2010 at 12:58:58PM +0200, Josef Reidinger wrote:
> I finished the first working proof of concept of roles management. Please try it and write what you think about it. You can test it directly from git, as it is still under heavy development. Just run rake deploy_local (for webservice-base and webservice-roles).
I have tested it and found this. Tell me if you want Bugzilla entries for some of these.

1) rake deploy_local created world-writable files

I've patched the rakefiles to take the deployment user as an optional parameter: rake deploy_local[mvidner]

2) role names are not validated/escaped

I've created these roles:
* Hamlet
* správce sítí sítí
* J. <b>Tučný</b>
* <i>kurziva</i>
* ?para&kesu&vlassky

They are not escaped in the role list, nor in the URL. Only Hamlet can be edited, others give 400 or 500.

3) some permissions are not abbreviated

My list of available permissions looks strange. It might be a result of historical chaotic deployment. OTOH roles.* are fresh so I would expect them abbreviated like network.*

* language.read
* language.write
* network.read
* network.write
* org.opensuse.yast.commandline.execute
* org.opensuse.yast.commandline.read
* org.opensuse.yast.permissions.read
* org.opensuse.yast.permissions.write
* org.opensuse.yast.roles.assign
* org.opensuse.yast.roles.modify
* org.opensuse.yast.system.patches.install
* org.opensuse.yast.system.patches.read
* org.opensuse.yast.system.time.read
* org.opensuse.yast.system.time.write
* registration.getregistrationconfig
* registration.setregistrationconfig
* registration.statelessregister
* services.execute
* services.read
* time.read
* time.write
* users.useradd
* users.userdelete
* users.userget
* users.usermodify
* users.usersget

4) changes in a role are not saved

I added a few permissions to a role (Hamlet, which had been empty). I see no error message in the browser or on the consoles, but the configuration files are not changed

5) no mention of users

My user module does not show any users, that's a probable reason. But I'd expect something like "No users found on your system, that's strange. <a href=/users>Manage users</a>"

6) no "Back" link to /roles in /roles/foo/edit

--
Martin Vidner, YaST developer
http://en.opensuse.org/User:Mvidner

A smoking section in a restaurant is like a fecal section in a swimming pool
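Point 2 of the report above, worked through in Ruby as an added example (not WebYaST code): the five role names from the report are validated against an allowlist, HTML-escaped for the role list and percent-encoded as a URL path segment. The allowlist policy and the function names are assumptions; the /roles/<name>/edit path shape is taken from point 6.

```ruby
require 'erb'

# Role names copied from the test report.
ROLE_NAMES = [
  'Hamlet',
  'správce sítí sítí',
  'J. <b>Tučný</b>',
  '<i>kurziva</i>',
  '?para&kesu&vlassky'
].freeze

# Assumed policy: Unicode letters and digits, '.', '_', '-' and inner
# spaces; 1 to 64 characters; no leading or trailing space.
VALID_ROLE_NAME =
  /\A[\p{L}\p{N}._-](?:[\p{L}\p{N} ._-]{0,62}[\p{L}\p{N}._-])?\z/

# Validation on input: reject names outside the allowlist before storing.
def valid_role_name?(name)
  name.valid_encoding? && VALID_ROLE_NAME.match?(name)
end

# Output encoding for an HTML text node in the role list. Applied to
# every name, valid or not, so stored data is never trusted as markup.
def role_list_item(name)
  "<li>#{ERB::Util.html_escape(name)}</li>"
end

# Output encoding for one path segment of the edit URL, so '?', '&',
# '/' and spaces cannot change the structure of the URL.
def role_edit_path(name)
  "/roles/#{ERB::Util.url_encode(name)}/edit"
end

# Summary row per role name: accepted by the policy, and both encodings.
def audit(names)
  names.map do |n|
    { name: n, valid: valid_role_name?(n),
      html: role_list_item(n), path: role_edit_path(n) }
  end
end
```

Under this policy only the first two names are accepted, but all five render and link safely, because escaping is done per output context and does not depend on validation having run.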
Martin Vidner wrote:
> On Tue, May 25, 2010 at 12:58:58PM +0200, Josef Reidinger wrote:
> > I finished the first working proof of concept of roles management. Please try it and write what you think about it. You can test it directly from git, as it is still under heavy development. Just run rake deploy_local (for webservice-base and webservice-roles).
>
> I have tested it and found this. Tell me if you want Bugzilla entries for some of these.
>
> 1) rake deploy_local created world-writable files
>
> I've patched the rakefiles to take the deployment user as an optional parameter: rake deploy_local[mvidner]
>
> 2) role names are not validated/escaped
>
> I've created these roles:
> * Hamlet
> * správce sítí sítí
> * J. <b>Tučný</b>
> * <i>kurziva</i>
> * ?para&kesu&vlassky
>
> They are not escaped in the role list, nor in the URL. Only Hamlet can be edited, others give 400 or 500.
Please create a bug report. I planned it and of course forgot.
> 3) some permissions are not abbreviated
>
> My list of available permissions looks strange. It might be a result of historical chaotic deployment. OTOH roles.* are fresh so I would expect them abbreviated like network.*
>
> * language.read
> * language.write
> * network.read
> * network.write
> * org.opensuse.yast.commandline.execute
> * org.opensuse.yast.commandline.read
> * org.opensuse.yast.permissions.read
> * org.opensuse.yast.permissions.write
> * org.opensuse.yast.roles.assign
> * org.opensuse.yast.roles.modify
> * org.opensuse.yast.system.patches.install
> * org.opensuse.yast.system.patches.read
> * org.opensuse.yast.system.time.read
> * org.opensuse.yast.system.time.write
> * registration.getregistrationconfig
> * registration.setregistrationconfig
> * registration.statelessregister
> * services.execute
> * services.read
> * time.read
> * time.write
> * users.useradd
> * users.userdelete
> * users.userget
> * users.usermodify
> * users.usersget
It is not automatic, it is just an eye-improvement which mkudlvasr (who works on the real UI) plans to change. Of course it is not a problem to abbreviate it too.
> 4) changes in a role are not saved
>
> I added a few permissions to a role (Hamlet, which had been empty). I see no error message in the browser or on the consoles, but the configuration files are not changed
This is strange, please report it together with the exact steps to reproduce it.
> 5) no mention of users
>
> My user module does not show any users, that's a probable reason. But I'd expect something like "No users found on your system, that's strange. <a href=/users>Manage users</a>"
Yes, please report it, so Martin can consider it when designing the UI.
> 6) no "Back" link to /roles in /roles/foo/edit
Same as above.

Thanks
Josef
--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, parts of webyast