From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
V2 -> V3:
- Update backend authorization rules to reflect our last discussions
- Use .getiterator() instead of .iter() while reading xml files
- Get role according tab instead of sudo rights
To do that I needed to add a new parameter to UrlSubNode() as Kimchi protects
its API URIs and the user role is per tab, I need to know which URIs is used
in each tab
V1 -> V2:
- Add "access" elements to describe role/view for each tab
- Return a role map in /login
For each tab, a role will be returned. That way we have more flexibility to
change user role per tab
- Add "access" parameter to VM.lookup()
As the user will have full access to the VM assigned to it, return
"access=full" for all them
Aline Manera (5):
authorization: Update authorization rules per API
authorization: Update /login to return user roles instead of sudo
parameter
authorization: Add "access" elements to tabs.xml to describe user view
authorization: Add "access" parameter to VM resource
authorization: Get role according to tab instead of sudo rights
config/ui/tabs.xml | 15 +++++++++++++
plugins/sample/ui/config/tab-ext.xml | 3 +++
src/kimchi/auth.py | 42 +++++++++++++++++++++++++-----------
src/kimchi/control/debugreports.py | 2 +-
src/kimchi/control/host.py | 2 +-
src/kimchi/control/interfaces.py | 2 +-
src/kimchi/control/networks.py | 2 +-
src/kimchi/control/storagepools.py | 2 +-
src/kimchi/control/storageservers.py | 2 +-
src/kimchi/control/templates.py | 2 +-
src/kimchi/control/utils.py | 4 +++-
src/kimchi/control/vms.py | 2 +-
src/kimchi/mockmodel.py | 3 ++-
src/kimchi/model/vms.py | 3 ++-
src/kimchi/server.py | 1 +
src/kimchi/utils.py | 15 +++++++++++++
tests/test_authorization.py | 8 +++----
tests/test_mockmodel.py | 3 ++-
tests/test_model.py | 3 ++-
tests/test_rest.py | 8 +++++++
tests/utils.py | 6 +++---
21 files changed, 97 insertions(+), 33 deletions(-)
--
1.9.3