> Let's continue the discussion here since it might read more people. I think > that as a user I don't care that my installation consists of core and several > plugins and I want to have Viewer role that gathers all view permission for > the whole app. > > This does not in conflict with also providing "$plugin Viewer" and "$plugin > Manager" roles so if user wants to create a user group from subset of > permission he can still do it. > > If you want to keep current Viewer and Manager roles to contain only core > permissions then I'd suggest renaming them to Core Viewer and Core Manager
The price for that is too high in my eyes. I think these roles and permissions should be strictly separated for now and forever and we need to come up with different approach of handling that. What I like the best is a help text, better documentation and renaming the core roles to something that is more obvious. Allowing plugins to modify core roles will end up with a mess that is very difficult to clean! Both adding and deleting permissions for existing roles during upgrades is very challenging, we usually want to tell administrators "hey, danger ahead, during upgrade all these users will get/lost some permissions" so it's a dilemma to do this via migration/seed or explicitly ask the user to do the change in upgrade notes. When reviewing these changes, we need to be careful and we are doing great job in core, but I wonder what happens if we open the doors to any plugin to basically play around with the two most important roles in the application. -- Later, Lukas @lzap Zapletal -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.