It's authorization that I am talking about, please ignore this one and I
will send another e-mail. Sorry for the inconvenience.
On 7/7/2014 4:40 PM, Wen Wang wrote:
Due to the fact that Kimchi needs authentication feature to be
designed. I an posting my point of view below of how I thought about
doing it, including how I plan doing it in the front-end and request
for help for the back end support.
Kimchi changed to a traditional login patten in last release that
makes Kimchi more secure to use. It Before login, the front-end can
hardly get any html information before user actually login. As we
discussed, root user will have full access to Kimchi whereas the
non-root user will have restricted privileges. It will be easier and
more decent to show the proper tabs to certain users that
distinguished by the back-end. Now the tabs are generated by an xml
file generated from the back-end that show all 5 tabs. We probably
need to have the '*Host*' and '*template*' tab_removed_ for non-root
users, which is recommended to be done in the back-end.
Also there need to be information provided to the front-end like the
user-name, user-role as well as user-group, etc. that indicate user
identity after login. The browser need the information to give certain
privileges to certain users and disable the unnecessary functions. My
suggestion is to have these 3 parameters passed: ***user-name,
user-role* as well as *user-group*. There is a better extendibility to
user the user-role other than isRoot so that we can define more roles
in the future. As fact that we have only defined two roles now, the
user-role parameter can be divided into root and guest based on user
is root or non-root. These message can get from *sessiondada*, *cookie
*or passed according to a query. the way passing the info of the user
is still under discussion. Request for your advises.
Kimchi-devel mailing list