[Kimchi-devel] [PATCH 2/3] authorization: Add "access" elements to tabs.xml to describe user view

alinefm at linux.vnet.ibm.com alinefm at linux.vnet.ibm.com
Tue Jul 15 19:44:28 UTC 2014


From: Aline Manera <alinefm at linux.vnet.ibm.com>

Kimchi has 2 user roles: "admin" with full control of Kimchi features
and "user" with limited access
To describe how each tab should be displayed to user, an "access"
element was added to tabs.xml indicating which view mode each role has.

<access role="..." mode="..."/>

The "mode" attribute values are:

- none: do not show the tab;
- admin: full instance access;
- read-only:  read-only access;
- byInstance: each resource will have its configuration sent by the
  backend ("access" parameter);

The user will only be able to manage the guests he/she is assigned for,
because that the guest tab has 'mode' == by-instance.
That way each VM will have a new parameter "access" indicating if user has
"full" or "read-only" access to this VM.

As a user can edit a guest, he/she may need to know which networks
and storage pools are configured, so set network and storage tab 'mode'
to read-only.

And as user should not perform any operation on host or templates, set
their 'mode' attributes to 'none'.

Signed-off-by: Aline Manera <alinefm at linux.vnet.ibm.com>
---
 config/ui/tabs.xml                   | 15 +++++++++++++++
 plugins/sample/ui/config/tab-ext.xml |  3 +++
 2 files changed, 18 insertions(+)

diff --git a/config/ui/tabs.xml b/config/ui/tabs.xml
index b045521..f79684c 100644
--- a/config/ui/tabs.xml
+++ b/config/ui/tabs.xml
@@ -1,22 +1,37 @@
 <?xml version="1.0" encoding="utf-8"?>
 <tabs>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="none"/>
+
         <title>Host</title>
         <path>tabs/host.html</path>
     </tab>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="byInstance"/>
+
         <title>Guests</title>
         <path>tabs/guests.html</path>
     </tab>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="none"/>
+
         <title>Templates</title>
         <path>tabs/templates.html</path>
     </tab>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="read-only"/>
+
         <title>Storage</title>
         <path>tabs/storage.html</path>
     </tab>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="read-only"/>
+
         <title>Network</title>
         <path>tabs/network.html</path>
     </tab>
diff --git a/plugins/sample/ui/config/tab-ext.xml b/plugins/sample/ui/config/tab-ext.xml
index 8e0b3d3..a1fb1c2 100644
--- a/plugins/sample/ui/config/tab-ext.xml
+++ b/plugins/sample/ui/config/tab-ext.xml
@@ -1,6 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <tabs-ext>
     <tab>
+        <access role="admin" mode="admin"/>
+        <access role="user" mode="none"/>
+
         <title>SampleTab</title>
         <path>plugins/sample/tab.html</path>
     </tab>
-- 
1.9.3




More information about the Kimchi-devel mailing list