#430: Multiproduct UI: Administration pages
---------------------------+------------------------------------
Reporter: matevzb | Owner: matevzb
Type: defect | Status: new
Priority: major | Milestone: Release 6
Component: multiproduct | Version:
Resolution: | Keywords: product admin bep-0003
---------------------------+------------------------------------
Changes (by olemis):
* keywords: => product admin bep-0003
* status: closed => new
* resolution: fixed =>
Comment:
I'll reuse this ticket to suggest some enhancements in the administration
area . They are mainly aimed at granting `PRODUCT_ADMIN` users with access
to existing admin panels in product context . This works by the successive
application of a whitelist (contributed by plugins) and a blacklist
(overriding the former in configuration). In order to get all this done a
new permissions context has been developed inspired in ''sudo'' command
available in some ''GNU/Linux'' systems .
Observations :
- Patches plugin admin panel to forbid access in product scope.
- `ProductAdminModule` belongs in `product_admin.py` or `web_ui.py` ?
I chose the former.
- Merge `DefaultProductAdminWhitelist` with `ProductAdminModule` ?
I decided not to do so , mainly to let users to disable the former
and enable another component contributing their a different set
of product admin panels.
- Match admin request with `handler is AdminModule(...)` or
`AdminModule.match_request(req, ...)` or ... ?
The former was used in the patch.
- Proposed admin panels in default white list are :
* general:basics
* general:perm
* accounts:notification
* ticket:*
* versioncontrol:repository
- AFAICT we'll have to upgrade many of those listed above to make
the GUI consistent with a multiproduct user experience and
associated challenges (e.g. shared resources , security ,
navigation paths, ...)
- /me still thinking about whether to relax access to
/admin/general/plugin ... and maybe that will change in the
next few days.
- Shall we include accounts:users in white list ?
I'm hesitant on doing so , especially if users will span over
multiple products (i.e. global resources)
Patch order is as follows :
{{{
#!sh
$ hg qapplied
t430/t430_r1457691_product_plugin_admin.diff
t430/t430_r1457691_product_admin_whitelist.diff
t430/t430_r1458841_product_admin_defaults.diff
$ hg log -r qparent --template="[{svnrev}] - {desc}\n"
[1458841] - #325, added missing imports
}}}
Test report highlight these are ready for commit but work in this area is
still in progress .
{{{
#!sh
$ python setup.py test -m tests.admin.product_admin
running test
running egg_info
writing BloodhoundMultiProduct.egg-info/PKG-INFO
writing top-level names to BloodhoundMultiProduct.egg-info/top_level.txt
writing dependency_links to BloodhoundMultiProduct.egg-
info/dependency_links.txt
writing entry points to BloodhoundMultiProduct.egg-info/entry_points.txt
writing BloodhoundMultiProduct.egg-info/PKG-INFO
writing top-level names to BloodhoundMultiProduct.egg-info/top_level.txt
writing dependency_links to BloodhoundMultiProduct.egg-
info/dependency_links.txt
writing entry points to BloodhoundMultiProduct.egg-info/entry_points.txt
reading manifest file 'BloodhoundMultiProduct.egg-info/SOURCES.txt'
writing manifest file 'BloodhoundMultiProduct.egg-info/SOURCES.txt'
running build_ext
test_init_blacklist (tests.admin.product_admin.ProductAdminSetupTestCase)
... ok
test_init_whitelist (tests.admin.product_admin.ProductAdminSetupTestCase)
... ok
Test blacklisted admin panel with PRODUCT_ADMIN in product env ... ok
Test unspecified admin panel with PRODUCT_ADMIN in product env ... ok
Test whitelisted admin panel with PRODUCT_ADMIN in product env ... ok
Plugin admin panel with PRODUCT_ADMIN in global env ... ok
Test blacklisted admin panel with PRODUCT_ADMIN in product env ... ok
Test unspecified admin panel with PRODUCT_ADMIN in product env ... ok
Test whitelisted admin panel with PRODUCT_ADMIN in product env ... ok
Plugin admin panel with PRODUCT_ADMIN in product env ... ok
Test admin panel with TRAC_ADMIN in global env ... ok
Plugin admin panel with TRAC_ADMIN in global env ... ok
Test blacklisted admin panel with TRAC_ADMIN in product env ... ok
Test whitelisted admin panel with TRAC_ADMIN in product env ... ok
Plugin admin panel with TRAC_ADMIN in global env ... ok
Test blacklisted admin panel without meta-perm in product env ... ok
Test unspecified admin panel without meta-perm in product env ... ok
Test whitelisted admin panel without meta-perm in product env ... ok
Plugin admin panel without meta-perm in global env ... ok
Test blacklisted admin panel without meta-perm in product env ... ok
Test unspecified admin panel without meta-perm in product env ... ok
Test whitelisted admin panel without meta-perm in product env ... ok
Plugin admin panel without meta-perm in product env ... ok
----------------------------------------------------------------------
Ran 23 tests in 2.220s
OK
}}}
--
Ticket URL: <https://issues.apache.org/bloodhound/ticket/430#comment:7>
Apache Bloodhound <https://issues.apache.org/bloodhound/>
The Apache Bloodhound (incubating) issue tracker
