
From: Aline Manera <alinefm@linux.vnet.ibm.com> V2 -> V3: - Update backend authorization rules to reflect our last discussions - Use .getiterator() instead of .iter() while reading xml files - Get role according tab instead of sudo rights To do that I needed to add a new parameter to UrlSubNode() as Kimchi protects its API URIs and the user role is per tab, I need to know which URIs is used in each tab V1 -> V2: - Add "access" elements to describe role/view for each tab - Return a role map in /login For each tab, a role will be returned. That way we have more flexibility to change user role per tab - Add "access" parameter to VM.lookup() As the user will have full access to the VM assigned to it, return "access=full" for all them Aline Manera (5): authorization: Update authorization rules per API authorization: Update /login to return user roles instead of sudo parameter authorization: Add "access" elements to tabs.xml to describe user view authorization: Add "access" parameter to VM resource authorization: Get role according to tab instead of sudo rights config/ui/tabs.xml | 15 +++++++++++++ plugins/sample/ui/config/tab-ext.xml | 3 +++ src/kimchi/auth.py | 42 +++++++++++++++++++++++++----------- src/kimchi/control/debugreports.py | 2 +- src/kimchi/control/host.py | 2 +- src/kimchi/control/interfaces.py | 2 +- src/kimchi/control/networks.py | 2 +- src/kimchi/control/storagepools.py | 2 +- src/kimchi/control/storageservers.py | 2 +- src/kimchi/control/templates.py | 2 +- src/kimchi/control/utils.py | 4 +++- src/kimchi/control/vms.py | 2 +- src/kimchi/mockmodel.py | 3 ++- src/kimchi/model/vms.py | 3 ++- src/kimchi/server.py | 1 + src/kimchi/utils.py | 15 +++++++++++++ tests/test_authorization.py | 8 +++---- tests/test_mockmodel.py | 3 ++- tests/test_model.py | 3 ++- tests/test_rest.py | 8 +++++++ tests/utils.py | 6 +++--- 21 files changed, 97 insertions(+), 33 deletions(-) -- 1.9.3