On 8/2/10 7:05 PM, Colin Coe wrote:
Hey Colin,
So essentially this was more related to rhn.redhat.com (the hosted service).
In order to be able to create other users, it was required to have at least
one management entitlement. And thus, each org currently requires at least
one management entitlement to be able to see/access the users tab.
Satellite requires a management entitlement for each system, so this
restriction is really pretty silly. We've talked about removing it, but
haven't really ever gotten around to it. Feel free to remove this
restriction.
Looking at your patch, you would need to call the stored procedure if you
wanted to transfer an entitlement from one org to the next (just doing an
insert doesn't preserve entitlement validation for satellite users). I
wouldn't bother with trying to automatically move give management
entitlements to a new org, i would just remove the original restriction from
those User tabs.
-Justin
Hi Justin
Based on the above and the quick chat in IRC I'll revert my changes
(the diff I posted) and poke at it again.
Thanks
CC
Hi Justin
Is this about what you had in mind?
---
diff --git a/java/code/webapp/WEB-INF/nav/sitenav-authenticated.xml
b/java/code/webapp/WEB-INF/nav/sitenav-authenticated.xml
index 15b6c63..be5b5db 100644
--- a/java/code/webapp/WEB-INF/nav/sitenav-authenticated.xml
+++ b/java/code/webapp/WEB-INF/nav/sitenav-authenticated.xml
@@ -202,12 +202,12 @@
<rhn-tab name="Completed Actions"
url="/rhn/schedule/CompletedActions.do"/>
<rhn-tab name="Archived Actions" url="/rhn/schedule/ArchivedActions.do"/>
</rhn-tab>
-<rhn-tab name="Users" url="/rhn/users/ActiveList.do"
acl="org_entitlement(sw_mgr_enterprise); user_role(org_admin)"
active-image="tab-users-selected.gif" i
-<rhn-tab name="User List"
acl="org_entitlement(sw_mgr_enterprise); user_role(org_admin)"
url="/rhn/users/ActiveList.do">
+<rhn-tab name="Users" url="/rhn/users/ActiveList.do"
acl="user_role(org_admin)" active-image="tab-users-selected.gif"
inactive-image="tab-users.gif">
+<rhn-tab name="User List" acl="user_role(org_admin)"
url="/rhn/users/ActiveList.do">
<rhn-tab-directory>/rhn/users</rhn-tab-directory>
-<rhn-tab name="users.nav.active"
acl="org_entitlement(sw_mgr_enterprise); user_role(org_admin)"
url="/rhn/users/ActiveList.do"/>
-<rhn-tab name="users.nav.disabled"
acl="org_entitlement(sw_mgr_enterprise); user_role(org_admin)"
url="/rhn/users/DisabledList.do"/>
-<rhn-tab name="users.nav.all"
acl="org_entitlement(sw_mgr_enterprise); user_role(org_admin)"
url="/rhn/users/UserList.do"/>
+<rhn-tab name="users.nav.active" acl="user_role(org_admin)"
url="/rhn/users/ActiveList.do"/>
+<rhn-tab name="users.nav.disabled" acl="user_role(org_admin)"
url="/rhn/users/DisabledList.do"/>
+<rhn-tab name="users.nav.all" acl="user_role(org_admin)"
url="/rhn/users/UserList.do"/>
</rhn-tab>
</rhn-tab>
<rhn-tab name="Monitoring" url="/rhn/monitoring/ProbeList.do"
active-image="tab-monitoring-selected.gif"
inactive-image="tab-monitoring.gif" acl="show_moni
diff --git a/java/code/webapp/WEB-INF/struts-config.xml
b/java/code/webapp/WEB-INF/struts-config.xml
index 79f713d..9371f0d 100644
--- a/java/code/webapp/WEB-INF/struts-config.xml
+++ b/java/code/webapp/WEB-INF/struts-config.xml
@@ -1438,7 +1438,7 @@
type="com.redhat.rhn.frontend.action.user.EnabledListSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/activelist.jsp" />
</action>
@@ -1448,7 +1448,7 @@
type="com.redhat.rhn.frontend.action.user.DisabledListSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/disabledlist.jsp" />
<forward name="enable" path="/users/EnableConfirm.do"
redirect="true" />
</action>
@@ -1460,7 +1460,7 @@
className="com.redhat.rhn.frontend.struts.RhnActionMapping"
parameter="dispatch">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default" path="/users/DisabledList.do" redirect="true"
/>
<forward name="enable" path="/users/EnableConfirm.do" redirect="true"
/>
</action>
@@ -1471,7 +1471,7 @@
type="com.redhat.rhn.frontend.action.user.EnableConfirmSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/userconfirm.jsp" />
<forward name="enabled" path="/users/ActiveList.do" redirect="true" />
</action>
@@ -1483,7 +1483,7 @@
type="com.redhat.rhn.frontend.action.user.ChannelPermsSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default" path="/WEB-INF/pages/admin/channelperms.jsp" />
</action>
@@ -1494,7 +1494,7 @@
type="com.redhat.rhn.frontend.action.user.ChannelPermsAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="subscribe" path="/users/ChannelPerms.do"
redirect="true" />
<forward name="manage" path="/users/ChannelManagementPerms.do"
redirect="true" />
</action>
@@ -1506,7 +1506,7 @@
type="com.redhat.rhn.frontend.action.user.ChannelManagementPermsSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/channelmanagementperms.jsp" />
</action>
@@ -1516,7 +1516,7 @@
type="com.redhat.rhn.frontend.action.user.VisibleSystemsListSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/systemsadmined.jsp" />
</action>
@@ -1527,7 +1527,7 @@
className="com.redhat.rhn.frontend.struts.RhnActionMapping"
parameter="dispatch">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default" path="/users/SystemsAdmined.do"
redirect="true"/>
</action>
@@ -1537,7 +1537,7 @@
type="com.redhat.rhn.frontend.action.user.DeleteUserSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/deleteuser.jsp"/>
</action>
@@ -1547,7 +1547,7 @@
type="com.redhat.rhn.frontend.action.user.DeleteUserAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="success" path="/users/ActiveList.do" redirect="true"/>
<forward name="failure" path="/users/UserDetails.do" redirect="false"/>
</action>
@@ -1558,7 +1558,7 @@
type="com.redhat.rhn.frontend.action.user.DisableUserSetupAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="default"
path="/WEB-INF/pages/admin/users/disableuser.jsp"/>
</action>
@@ -1568,7 +1568,7 @@
type="com.redhat.rhn.frontend.action.user.DisableUserAction"
className="com.redhat.rhn.frontend.struts.RhnActionMapping">
<set-property property="acls"
- value="org_entitlement(sw_mgr_enterprise);
user_role(org_admin)"/>
+ value="user_role(org_admin)"/>
<forward name="success" path="/users/ActiveList.do" redirect="true"/>
<forward name="failure" path="/users/UserDetails.do" redirect="false"/>
</action>
---
CC
Hey Colin,
That looks excellent! Exactly what i was thinking.
-Justin
_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
