On 07/11/2014 03:31 AM, Wen Wang wrote:
Thanks Aline, I think there might be some issues by changing the xml file manually. From the *tabs.xml* we get the mode that a user should have but it doesn't change when we change user. I have applied your code and it's something like this:
Either using a guest or root we can only get the permitted tabs of the guest. Can we have the kimchi/config/ui/tabs.xml changed automatically according to the logged in user. Role distinguishing can be done in the back-end and add the right mode to this xml file automatically? Or else we might need to find other ways to transfer the user roles.
From what we have discussed in "[Kimchi-devel] RFC: Design of Authorization in Kimchi" I understood the "mode" attribute will only be used for a "user" role and ignored if the user has a "admin" role as he/she has full control on kimchi Example, in JS would have a code like: if "admin" in roles: # upload all tabs elif "user" in roles: # read mode attribute But thinking in the future roles we will have we will need to do what you proposed by changing tabs.xml automatically. I will send a V2 patch with that Thanks for the review.
Best regards Wang Wen
On 7/11/2014 10:16 AM, alinefm@linux.vnet.ibm.com wrote:
From: Aline Manera<alinefm@linux.vnet.ibm.com>
Kimchi has 2 user roles: "admin" with full control of Kimchi features and "user" with limited access To describe how each tab should be displayed for a user, the "mode" attribute should be added. The "mode" attribute values are:
- none: do not show the tab; - admin: full instance access; - read-only: read-only access; - byInstance: each resource will have its configuration sent by the backend;
The user will only be able to manage the guests he/she is assigned for, because that the guest tab has 'mode' == admin As a user can edit a guest, he/she may need to know which networks and storage pools are configured, so set network and storage tab 'mode' to read-only. And as user should not perform any operation on host or templates, set their 'mode' attributes to 'none'.
Signed-off-by: Aline Manera<alinefm@linux.vnet.ibm.com> --- config/ui/tabs.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml index b045521..b8e7bd6 100644 --- a/config/ui/tabs.xml +++ b/config/ui/tabs.xml @@ -1,22 +1,22 @@ <?xml version="1.0" encoding="utf-8"?> <tabs> - <tab> + <tab mode="none"> <title>Host</title> <path>tabs/host.html</path> </tab> - <tab> + <tab mode="admin"> <title>Guests</title> <path>tabs/guests.html</path> </tab> - <tab> + <tab mode="none"> <title>Templates</title> <path>tabs/templates.html</path> </tab> - <tab> + <tab mode="read-only"> <title>Storage</title> <path>tabs/storage.html</path> </tab> - <tab> + <tab mode="read-only"> <title>Network</title> <path>tabs/network.html</path> </tab>
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel