6:28 a.m.
On 07/11/2014 03:31 AM, Wen Wang wrote:
Thanks Aline, I think there might be some issues by changing the xml
file manually. From the *tabs.xml* we get the mode that a user should
have but it doesn't change when we change user. I have applied your code
and it's something like this:
Either using a guest or root we can only get the permitted tabs of the
guest. Can we have the kimchi/config/ui/tabs.xml changed automatically
according to the logged in user. Role distinguishing can be done in the
back-end and add the right mode to this xml file automatically? Or else
we might need to find other ways to transfer the user roles.
From what we have discussed in "[Kimchi-devel] RFC: Design of
Authorization in Kimchi" I understood the "mode" attribute will only be
used for a "user" role and ignored if the user has a "admin" role as
he/she has full control on kimchi
Example, in JS would have a code like:
if "admin" in roles:
# upload all tabs
elif "user" in roles:
# read mode attribute
But thinking in the future roles we will have we will need to do what
you proposed by changing tabs.xml automatically.
I will send a V2 patch with that
Thanks for the review.
Best regards
Wang Wen
On 7/11/2014 10:16 AM, alinefm(a)linux.vnet.ibm.com wrote:
> From: Aline Manera<alinefm(a)linux.vnet.ibm.com>
>
> Kimchi has 2 user roles: "admin" with full control of Kimchi features
> and "user" with limited access
> To describe how each tab should be displayed for a user, the "mode"
> attribute should be added.
> The "mode" attribute values are:
>
> - none: do not show the tab;
> - admin: full instance access;
> - read-only: read-only access;
> - byInstance: each resource will have its configuration sent by the
> backend;
>
> The user will only be able to manage the guests he/she is assigned for,
> because that the guest tab has 'mode' == admin
> As a user can edit a guest, he/she may need to know which networks
> and storage pools are configured, so set network and storage tab 'mode'
> to read-only.
> And as user should not perform any operation on host or templates, set
> their 'mode' attributes to 'none'.
>
> Signed-off-by: Aline Manera<alinefm(a)linux.vnet.ibm.com>
> ---
> config/ui/tabs.xml | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml
> index b045521..b8e7bd6 100644
> --- a/config/ui/tabs.xml
> +++ b/config/ui/tabs.xml
> @@ -1,22 +1,22 @@
> <?xml version="1.0" encoding="utf-8"?>
> <tabs>
> - <tab>
> + <tab mode="none">
> <title>Host</title>
> <path>tabs/host.html</path>
> </tab>
> - <tab>
> + <tab mode="admin">
> <title>Guests</title>
> <path>tabs/guests.html</path>
> </tab>
> - <tab>
> + <tab mode="none">
> <title>Templates</title>
> <path>tabs/templates.html</path>
> </tab>
> - <tab>
> + <tab mode="read-only">
> <title>Storage</title>
> <path>tabs/storage.html</path>
> </tab>
> - <tab>
> + <tab mode="read-only">
> <title>Network</title>
> <path>tabs/network.html</path>
> </tab>
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel