Re: [Kimchi-devel] [PATCH 2/2] authorization: Add "mode" attribute to describe user view

On 07/11/2014 03:31 AM, Wen Wang wrote: > Thanks Aline, I think there might be some issues by changing the xml > file manually. From the *tabs.xml* we get the mode that a user should > have but it doesn't change when we change user. I have applied your code > and it's something like this: > > > > Either using a guest or root we can only get the permitted tabs of the > guest. Can we have the kimchi/config/ui/tabs.xml changed automatically > according to the logged in user. Role distinguishing can be done in the > back-end and add the right mode to this xml file automatically? Or else > we might need to find other ways to transfer the user roles. > From what we have discussed in "[Kimchi-devel] RFC: Design of Authorization in Kimchi" I understood the "mode" attribute will only be used for a "user" role and ignored if the user has a "admin" role as he/she has full control on kimchi Example, in JS would have a code like: if "admin" in roles: # upload all tabs elif "user" in roles: # read mode attribute But thinking in the future roles we will have we will need to do what you proposed by changing tabs.xml automatically. I will send a V2 patch with that

Thanks for the review. > Best regards > Wang Wen > > On 7/11/2014 10:16 AM, alinefm(a)linux.vnet.ibm.com wrote: >> From: Aline Manera&lt;alinefm(a)linux.vnet.ibm.com&gt; >> >> Kimchi has 2 user roles: "admin" with full control of Kimchi features >> and "user" with limited access >> To describe how each tab should be displayed for a user, the "mode" >> attribute should be added. >> The "mode" attribute values are: >> >> - none: do not show the tab; >> - admin: full instance access; >> - read-only: read-only access; >> - byInstance: each resource will have its configuration sent by the >> backend; >> >> The user will only be able to manage the guests he/she is assigned for, >> because that the guest tab has 'mode' == admin >> As a user can edit a guest, he/she may need to know which networks >> and storage pools are configured, so set network and storage tab 'mode' >> to read-only. >> And as user should not perform any operation on host or templates, set >> their 'mode' attributes to 'none'. >> >> Signed-off-by: Aline Manera&lt;alinefm(a)linux.vnet.ibm.com&gt; >> --- >> config/ui/tabs.xml | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> >> diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml >> index b045521..b8e7bd6 100644 >> --- a/config/ui/tabs.xml >> +++ b/config/ui/tabs.xml >> @@ -1,22 +1,22 @@ >> <?xml version="1.0" encoding="utf-8"?> >> <tabs> >> - <tab> >> + <tab mode="none"> >> <title>Host</title> >> <path>tabs/host.html</path> >> </tab> >> - <tab> >> + <tab mode="admin"> >> <title>Guests</title> >> <path>tabs/guests.html</path> >> </tab> >> - <tab> >> + <tab mode="none"> >> <title>Templates</title> >> <path>tabs/templates.html</path> >> </tab> >> - <tab> >> + <tab mode="read-only"> >> <title>Storage</title> >> <path>tabs/storage.html</path> >> </tab> >> - <tab> >> + <tab mode="read-only"> >> <title>Network</title> >> <path>tabs/network.html</path> >> </tab> > > > > _______________________________________________ > Kimchi-devel mailing list > Kimchi-devel(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/kimchi-devel > _______________________________________________ Kimchi-devel mailing list Kimchi-devel(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel