Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

Thaks for summary, just one quick comment where I think it needs clarification On středa 25. ledna 2017 13:59:57 CET Lukas Zapletal wrote: > Corrections. > > > Why you don't like explicit lock actions? > > I misinterpreted your statements above, looks like we both like > explicit locking. > >

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

Corrections. > Why you don't like explicit lock actions? I misinterpreted your statements above, looks like we both like explicit locking. > add_permission_to_provisioning_manager (also adds to "manager" role) > add_permission_to_provisioning_reader (also adds to "reader" role) >

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

> Ok, we discussed the migration path. We should be (with small changes*) able > to detect whether users modified existing Manager role. In case they did, we > would rename them to "Customized Manager" and create new Manager role with > default permissions but locked. Locked means no changes to

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On pondělí 23. ledna 2017 17:07:30 CET Lukas Zapletal wrote: > > If you're concerned about the permissions table, this does not help. > > Permission are created there by plugin. If the permission is removed > > later, it should be removed from all roles anyway, user could already > > assign it to

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On úterý 24. ledna 2017 0:02:15 CET Ivan Necas wrote: > Lukas Zapletal writes: > >> If you're concerned about the permissions table, this does not help. > >> Permission are created there by plugin. If the permission is removed > >> later, it should be removed from all roles

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

Lukas Zapletal writes: >> If you're concerned about the permissions table, this does not help. >> Permission are created there by plugin. If the permission is removed later, >> it >> should be removed from all roles anyway, user could already assign it to both >> core and

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

> If you're concerned about the permissions table, this does not help. > Permission are created there by plugin. If the permission is removed later, it > should be removed from all roles anyway, user could already assign it to both > core and plugin role. Down below. > I suppose you wrote a

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

Thanks for update, sending few more comments below in text On pondělí 23. ledna 2017 12:48:46 CET Lukas Zapletal wrote: > > Sorry I don't get it, especially the price. What's the difference between > > core and plugins in terms of permissions upgrades? If you rename plugin > > permission you need

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

> Sorry I don't get it, especially the price. What's the difference between core > and plugins in terms of permissions upgrades? If you rename plugin permission > you need to provide the same migration as if you renamed it in core. Once we merge everything into core roles, there is no easy way

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On úterý 17. ledna 2017 14:45:53 CET Ondrej Prazak wrote: > On Tue, Jan 17, 2017 at 12:08 PM, Tomas Strachota > > wrote: > > On Mon, Jan 16, 2017 at 6:55 PM, oprazak wrote: > > > Hi, > > > I recently started identifying problematic areas in Permissions

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

> Let's continue the discussion here since it might read more people. I think > that as a user I don't care that my installation consists of core and several > plugins and I want to have Viewer role that gathers all view permission for > the whole app. > > This does not in conflict with also

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On úterý 17. ledna 2017 15:46:56 CET Lukas Zapletal wrote: > On Mon, Jan 16, 2017 at 6:55 PM, oprazak wrote: > > So if a plugin is installed, user has to go and find what role/permission > > is missing or ask someone who can grant permissions. > > I do not think the proposed

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On Mon, Jan 16, 2017 at 6:55 PM, oprazak wrote: > So if a plugin is installed, user has to go and find what role/permission is > missing or ask someone who can grant permissions. I do not think the proposed approach is the best, here is my lengthy explanation:

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On Tue, Jan 17, 2017 at 12:08 PM, Tomas Strachota wrote: > On Mon, Jan 16, 2017 at 6:55 PM, oprazak wrote: > > Hi, > > I recently started identifying problematic areas in Permissions and > Roles, > > especially with regard to plugins. Foreman provides

Re: [foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

On Mon, Jan 16, 2017 at 6:55 PM, oprazak wrote: > Hi, > I recently started identifying problematic areas in Permissions and Roles, > especially with regard to plugins. Foreman provides 'Viewer' and 'Manager' > roles out of the box and users expect these roles to work for

[foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

Hi, I recently started identifying problematic areas in Permissions and Roles, especially with regard to plugins. Foreman provides 'Viewer' and 'Manager' roles out of the box and users expect these roles to work for plugins as well. But plugins generally do not add their permissions to core's