[Kimchi-devel] [PATCH 3/5] authorization: Add "access" elements to tabs.xml to describe user view
Daniel H Barboza
danielhb at linux.vnet.ibm.com
Thu Jul 17 17:39:58 UTC 2014
Reviewed-by: Daniel Barboza <danielhb at linux.vnet.ibm.com>
Tested-by: Daniel Barboza <danielhb at linux.vnet.ibm.com>
On 07/16/2014 06:52 PM, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> Kimchi has 2 user roles: "admin" with full control of Kimchi features
> and "user" with limited access
> To describe how each tab should be displayed to user, an "access"
> element was added to tabs.xml indicating which view mode each role has.
>
> <access role="..." mode="..."/>
>
> The "mode" attribute values are:
>
> - none: do not show the tab;
> - admin: full instance access;
> - read-only: read-only access;
> - byInstance: each resource will have its configuration sent by the
> backend ("access" parameter);
>
> The user will only be able to manage the guests he/she is assigned for,
> because that the guest tab has 'mode' == by-instance.
> That way each VM will have a new parameter "access" indicating if user has
> "full" or "read-only" access to this VM.
>
> As a user can edit a guest, he/she may need to know which networks
> and storage pools are configured, so set network and storage tab 'mode'
> to read-only.
>
> And as user should not perform any operation on host or templates, set
> their 'mode' attributes to 'none'.
>
> Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
> ---
> config/ui/tabs.xml | 15 +++++++++++++++
> plugins/sample/ui/config/tab-ext.xml | 3 +++
> 2 files changed, 18 insertions(+)
>
> diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml
> index b045521..f79684c 100644
> --- a/config/ui/tabs.xml
> +++ b/config/ui/tabs.xml
> @@ -1,22 +1,37 @@
> <?xml version="1.0" encoding="utf-8"?>
> <tabs>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="none"/>
> +
> <title>Host</title>
> <path>tabs/host.html</path>
> </tab>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="byInstance"/>
> +
> <title>Guests</title>
> <path>tabs/guests.html</path>
> </tab>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="none"/>
> +
> <title>Templates</title>
> <path>tabs/templates.html</path>
> </tab>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="read-only"/>
> +
> <title>Storage</title>
> <path>tabs/storage.html</path>
> </tab>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="read-only"/>
> +
> <title>Network</title>
> <path>tabs/network.html</path>
> </tab>
> diff --git a/plugins/sample/ui/config/tab-ext.xml b/plugins/sample/ui/config/tab-ext.xml
> index 8e0b3d3..a1fb1c2 100644
> --- a/plugins/sample/ui/config/tab-ext.xml
> +++ b/plugins/sample/ui/config/tab-ext.xml
> @@ -1,6 +1,9 @@
> <?xml version="1.0" encoding="utf-8"?>
> <tabs-ext>
> <tab>
> + <access role="admin" mode="admin"/>
> + <access role="user" mode="none"/>
> +
> <title>SampleTab</title>
> <path>plugins/sample/tab.html</path>
> </tab>
More information about the Kimchi-devel
mailing list