From alinefm at linux.vnet.ibm.com Fri Jul 11 07:28:50 2014
From: Aline Manera
To: kimchi-devel at ovirt.org
Subject: Re: [Kimchi-devel] [PATCH 2/2] authorization: Add "mode" attribute to describe user view
Date: Fri, 11 Jul 2014 08:28:42 -0300
Message-ID: <53BFCA6A.90709@linux.vnet.ibm.com>
In-Reply-To: 53BF84DF.6060907@linux.vnet.ibm.com

On 07/11/2014 03:31 AM, Wen Wang wrote:
> Thanks Aline, I think there might be some issues by changing the xml
> file manually. From the *tabs.xml* we get the mode that a user should
> have but it doesn't change when we change user. I have applied your code
> and it's something like this:
>
>
>
> Either using a guest or root we can only get the permitted tabs of the
> guest. Can we have the kimchi/config/ui/tabs.xml changed automatically
> according to the logged in user? Role distinguishing can be done in the
> back-end and add the right mode to this xml file automatically? Or else
> we might need to find other ways to transfer the user roles.
>

From what we have discussed in "[Kimchi-devel] RFC: Design of
Authorization in Kimchi" I understood the "mode" attribute will only be
used for a "user" role and ignored if the user has an "admin" role as
he/she has full control on kimchi.

Example, in JS would have a code like:

    if "admin" in roles:
        # upload all tabs
    elif "user" in roles:
        # read mode attribute

But thinking in the future roles we will have we will need to do what
you proposed by changing tabs.xml automatically.
I will send a V2 patch with that.

Thanks for the review.

> Best regards
> Wang Wen
>
> On 7/11/2014 10:16 AM, alinefm(a)linux.vnet.ibm.com wrote:
>> From: Aline Manera
>>
>> Kimchi has 2 user roles: "admin" with full control of Kimchi features
>> and "user" with limited access
>> To describe how each tab should be displayed for a user, the "mode"
>> attribute should be added.
>> The "mode" attribute values are:
>>
>> - none: do not show the tab;
>> - admin: full instance access;
>> - read-only: read-only access;
>> - byInstance: each resource will have its configuration sent by the
>> backend;
>>
>> The user will only be able to manage the guests he/she is assigned for,
>> because that the guest tab has 'mode' == admin
>> As a user can edit a guest, he/she may need to know which networks
>> and storage pools are configured, so set network and storage tab 'mode'
>> to read-only.
>> And as user should not perform any operation on host or templates, set
>> their 'mode' attributes to 'none'.
>>
>> Signed-off-by: Aline Manera
>> --- >> config/ui/tabs.xml | 10 +++++----- >> 1 file changed, 5 insertions(+), 5 deletions(-) >> >> diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml >> index b045521..b8e7bd6 100644 >> --- a/config/ui/tabs.xml >> +++ b/config/ui/tabs.xml >> @@ -1,22 +1,22 @@ >> >> >> - >> + >> Host >> tabs/host.html >> >> - >> + >> Guests >> tabs/guests.html >> >> - >> + >> Templates >> tabs/templates.html >> >> - >> + >> Storage >> tabs/storage.html >> >> - >> + >> Network >> tabs/network.html >> 
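
Review bot: In the single hunk of config/ui/tabs.xml, each of the five changed tab entries carries one fixed "mode", so the file describes only the "user" view and every login is served the same values, which matches the behaviour reported in the reply above; the mode needs to be resolved per role on the server (or skipped for "admin") before the UI reads it. Setting "mode" to none on Host and Templates only hides those tabs, so the commit message's statement that a user "should not perform any operation on host or templates" also needs a matching check in the backend request handlers. The 5 insertions replace the 5 tab lines one-for-one, so the four allowed values (none, admin, read-only, byInstance) are documented only in the commit message; a comment in tabs.xml listing them would help, and byInstance is not assigned to any tab by this change.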
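
Added example, not part of the thread or of Kimchi's code: a Python version of resolving the tab list per role on the server, as proposed in the discussion, with "admin" ignoring the attribute and "user" reading it. The element names in the sample XML and the function names tabs_for and may_write are assumptions; the titles, paths and modes come from the patch description.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names are assumptions; titles, paths and
# the "user" modes follow the patch description.
TABS_XML = """<tabs>
  <tab mode="none"><title>Host</title><path>tabs/host.html</path></tab>
  <tab mode="admin"><title>Guests</title><path>tabs/guests.html</path></tab>
  <tab mode="none"><title>Templates</title><path>tabs/templates.html</path></tab>
  <tab mode="read-only"><title>Storage</title><path>tabs/storage.html</path></tab>
  <tab mode="read-only"><title>Network</title><path>tabs/network.html</path></tab>
</tabs>"""

VALID_MODES = {"none", "admin", "read-only", "byInstance"}


def tabs_for(roles, xml_text=TABS_XML):
    """Return [(title, path, mode)] for the tabs this session may see."""
    result = []
    for tab in ET.fromstring(xml_text).iter("tab"):
        if "admin" in roles:
            mode = "admin"              # admin ignores the per-tab attribute
        elif "user" in roles:
            # Fail closed: a missing or unknown value hides the tab.
            mode = tab.get("mode", "none")
            if mode not in VALID_MODES:
                mode = "none"
        else:
            mode = "none"               # no recognised role
        if mode != "none":
            result.append((tab.findtext("title"), tab.findtext("path"), mode))
    return result


def may_write(roles, title, xml_text=TABS_XML):
    """Server-side check for a modifying request on a tab's resources.

    Hiding a tab in the UI does not stop a direct API call, so the same
    table is consulted here. byInstance needs a per-resource decision
    that this function does not make, so it is treated as not writable.
    """
    modes = {t: m for t, _, m in tabs_for(roles, xml_text)}
    return modes.get(title) == "admin"
```
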