Stefan Schubert napsal(a):
Hi, that is a good point which I should document in Wiki:
-In order not loosing the overview about the rights use granulating only if it is useful for the user/admin. -WebYaST rights and YaST-DBUS rights has to be identically in order keeping the overview. -Use rights for special values/tasks only if we can provide this single information in one request only. e.g. GET <machine>language/second_language.xml - If the YaST-DBUS interface supports this granulation and WebYaST does not we will have to "summarize" rights.
For example the language module has only one GET/PUT request:
GET <machine>/language.xml
This returns the *complete* language information like current utf8 rootlocale ... .. .
This is not true for language-0.0.2, where is there only one GET/PUT, but it respect rights. So if you have rights only to read rootlocale, then you see in webclient only this one element. Same in put, where you can set only things on which you has permissions (so is valid send PUT with only rootlocale setted (I think that I forget in webclient implement disabling)). So you have only one form but object in that form is variable and depend on permission and same what element you have enabled. And get/set subtree is good idea, as it allow better structuring and also give pressure to use same standards for dbus calls (only getter and setters) which is ideal stateless interface. Also it force close setters which doesn't depend on any other call from interface. JFYI due to bug https://bugzilla.novell.com/show_bug.cgi?id=512569 is not possible to send more complex structures in dbus, even it is supported by dbus (like list of map), so some getter require some string serializing. Josef
So it makes no sense for the admin who has to set the concerning rights setting each single language right for each user. He only wants to set that the user has read or write access.
We can solve this by using structured name:
org.opensuse.yast.modules.yapi.language.getlanguages org.opensuse.yast.modules.yapi.language.getcurrentlanguage org.opensuse.yast.modules.yapi.language.isutf8 org.opensuse.yast.modules.yapi.language.getrootlang org.opensuse.yast.modules.yapi.language.setcurrentlanguage org.opensuse.yast.modules.yapi.language.setutf8 org.opensuse.yast.modules.yapi.language.setrootlang
Should become:
org.opensuse.yast.modules.yapi.language.get-languages org.opensuse.yast.modules.yapi.language.get-currentlanguage org.opensuse.yast.modules.yapi.language.get-utf8 org.opensuse.yast.modules.yapi.language.get-rootlang org.opensuse.yast.modules.yapi.language.set-currentlanguage org.opensuse.yast.modules.yapi.language.set-utf8 org.opensuse.yast.modules.yapi.language.set-rootlang
So we are able to generate a tree structure of the rights like get -languages -currentlanguage -utf8 -rootlang set -currentlanguage -utf8 -rootlang
Which can be shown in the UI and the admin has to select the root branch "get" or "set" only in order to change the permission for all "child" rights. This will be handled by the permission rest-service of WebYaST.
Any other thoughts or possibilities ?
Greetings Stefan
Josef Reidinger schrieb:
During developing my webyast modules I find, that using dbus and my YaPI quite increase amount of webyast policykit permissions. Is there any policy how detailed should be that permissions? E.g. if I have language module and for each expected features (language, utf8 and root locale) has getter and setter and getter for language list in YaPI it is 7 permissions in policy-kit. So I can change it to one read/write YaPI ( only 2 permissions) call or let it for each configuration option. josef
-- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org