Mailinglist Archive: yast-devel (128 mails)

[yast-devel] Webyast - roles management
  • From: Josef Reidinger <jreidinger@xxxxxxx>
  • Date: Tue, 23 Feb 2010 19:02:54 +0100
  • Message-id: <201002231902.54636.jreidinger@xxxxxxx>
Hi,
I got this task and I think it is time for a little discussion about what is
possible and how it should be done. (How it looks is, I think, decided - it is
similar to groups.)

A role is something like a mark which grants a user a set of actions. So e.g. the
role HR admin can add/remove users and edit their details; it is one role but it
contains more permissions.

At first I investigated a little how lib/yast_roles.rb works... and it doesn't work.
I tried playing with polkit, and if you ask for a user which doesn't have a UID it
fails. The problem is that roles don't have a UID. So roles must be stored beside.

My proposal for how it could work:

We have a defined list of roles in one yaml file, owned by yastws, with strict
permissions. This list contains each role and its permissions.
Then we have a second list which assigns users to each role.
If a user gets into a role, they get the permissions of this role.
If a user is removed from a role, all permissions are removed and all roles are
applied again.
If a role is modified, then all users in this role have their permissions removed
and all roles are applied again (the longest variant, but roles should change only
rarely).

So the permission module is changed so that it acts on roles, not on users, for the
appliance. For non-appliance usage it acts on users. (I plan to create two packages
for easier maintenance.)

I welcome any comments, hints or questions.

Josef

--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, parts of webyast
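
The recompute-on-change scheme proposed in the message above, as an added Ruby example (not WebYaST code and not part of the original mail); the YAML layout, role names, user names and `org.example.*` permission names are constructed assumptions. It shows why permissions are recomputed from all roles rather than revoked per role: a user who leaves one role keeps any permission still granted by another.

```ruby
require 'yaml'
require 'set'

# Constructed sample data: layout, roles, users and permission names are assumptions.
ROLES_YAML = <<~YAML
  hr_admin: [org.example.users.read, org.example.users.write]
  auditor:  [org.example.users.read, org.example.logs.read]
YAML
ASSIGNMENTS_YAML = <<~YAML
  hr_admin: [alice, bob]
  auditor:  [alice]
YAML

# Effective permissions per user: the union over every role the user is in.
def effective_permissions(roles, assignments)
  result = {}
  assignments.each do |role, users|
    # Fail closed on an assignment that names a role with no definition.
    perms = roles.fetch(role) { raise KeyError, "unknown role: #{role}" }
    users.each { |user| (result[user] ||= Set.new).merge(perms) }
  end
  result
end

# Grants and revokes needed to move each user from one state to the next.
def reconcile(before, after)
  (before.keys | after.keys).sort.each_with_object({}) do |user, plan|
    old_set = before.fetch(user, Set.new)
    new_set = after.fetch(user, Set.new)
    grant = (new_set - old_set).sort
    revoke = (old_set - new_set).sort
    plan[user] = { grant: grant, revoke: revoke } unless grant.empty? && revoke.empty?
  end
end

# Returns a new assignment list with `user` taken out of `role`.
def remove_user(assignments, role, user)
  assignments.merge(role => assignments.fetch(role) - [user])
end

if __FILE__ == $PROGRAM_NAME
  roles = YAML.safe_load(ROLES_YAML)
  assignments = YAML.safe_load(ASSIGNMENTS_YAML)
  before = effective_permissions(roles, assignments)
  after = effective_permissions(roles, remove_user(assignments, 'hr_admin', 'alice'))
  # alice loses users.write only; users.read is still granted through auditor.
  p reconcile(before, after)
end
```

Applying only the computed grant/revoke difference gives the same end state as the "remove everything, apply all roles again" variant from the mail, without a window in which a user holds no permissions.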