[foreman-dev] Opinions from plugin maintainers wanted: permissions and roles

[oprazak]

Hi,
I recently started identifying problematic areas in Permissions and Roles, 
especially with regard to plugins. Foreman provides 'Viewer' and 'Manager' 
roles out of the box and users expect these roles to work for plugins as 
well. But plugins generally do not add their permissions to core's roles, 
some of them just have their own plugin-specific roles, some not. So if a 
plugin is installed, user has to go and find what role/permission is 
missing or ask someone who can grant permissions.

After a brief discussion in team C, it was decided that plugins should add 
their permissions to 'Manager' role and their 'view_' permissions to 
'Viewer' role. They should also keep their plugin-specific roles (or create 
them) for higher granularity and backward compatibility.
I started initial work which should allow plugin maintainers to do this, it 
can be found at [1]. I decided to create 2 methods that would be called 
from Engine, but we could take a different approach and add permissions 
from plugins automatically by modifying the 'permission' method that is 
called from 'security_block'. 

The way I see things:

* adding permissions explicitly, using DSL
  - extra work for plugin maintainers
  - permissions can be ommited/forgotten
 # can be covered with tests? something like the already existing 
AccessPermissionsTest 
  - extra code in Engine
  - better control, can handle special cases

* adding permissions automatically without plugin knowing about it by 
modifying 'permission' method
  - no need for plugin maintainers to do anything
  - cannot handle special cases
  - if user removes permission from these default roles, there is no way to 
detect it and permissions get added again on server restart
# users do not modify default roles, they can clone it and modify the 
cloned one
# if the default roles are not meant to be modified, they should be 
'frozen' and user should not be able to modify them, implementing this 
would add code and complexity

Anything that I have missed? Where do you stand as a plugin maintainers? 
Can you think of other ways to go?

Ondra

[1] https://github.com/theforeman/foreman/pull/4168  

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[foreman-dev] Re: Creation of menu

[oprazak]

Hi,
I never tried to add items into plugin's menu from another plugin, but I 
think the issue here is that plugin registration is not ordered in any way. 
So if you have plugin A with

sub_menu :top_menu, :ConfigMonitor
#...
end

and plugin B with:

menu :top_menu, :patchmanagement, :parent => :ConfigMonitor

your B plugin may be registered before A, so B is trying to add items into 
menu that does not yet exist.
You can get list of already registered plugins if you put a breakpoint 
right before the Foreman::Plugin.register block in your Engine
and call Foreman::Plugin.registered_plugins

You could try to create a third plugin, whose sole purpose would be to add 
menu into navbar and make it a dependency for your existing plugins. Then 
adding the items into common menu could work, but I haven't really tried it.

Ondra

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[foreman-dev] Change in host/managed possibly affecting your plugin

[oprazak]

Hi everyone,
if you are a plugin developer/maintainer and your plugin has host_extension 
that adds inheritable attributes to host, then read on. In a recently 
merged bugfix [1], there has been a change that possibly breaks your plugin.
I have already submitted PRs to katello [2] and foreman_openscap [3], but 
if your plugin uses :alias_method_chain for set_hostgroup_defaults method, 
you will need to make a minor change.

O.

[1] https://github.com/theforeman/foreman/pull/3612 
[2] https://github.com/Katello/katello/pull/6280
[3] https://github.com/theforeman/foreman_openscap/pull/195/files


-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [foreman-dev] Webpack merged into develop branch

[oprazak]

There was an issue with webpack when running in a vagrant box and serving 
assets over https. Have a look at:

https://github.com/theforeman/foreman/commit/ab5c7c28f3c8e6a4fd4731cba590b62d5497ac97

':webpack_dev_server_https: true' in settings.yml fixed the console errors 
for me

On Friday, August 19, 2016 at 8:35:32 PM UTC+2, stephen wrote:
>
>
>
> - Original Message - 
> > From: "Stephen Benjamin"  
> > To: forem...@googlegroups.com  
> > Sent: Friday, August 19, 2016 7:29:21 AM 
> > Subject: Re: [foreman-dev] Webpack merged into develop branch 
> > 
> > 
> > 
> > - Original Message - 
> > > From: "Greg Sutcliffe"  
> > > To: "Foreman"  
> > > Sent: Friday, August 19, 2016 4:24:17 AM 
> > > Subject: Re: [foreman-dev] Webpack merged into develop branch 
> > > 
> > > On 19 August 2016 at 07:26, Daniel Lobato  > wrote: 
> > > 
> > > > I'm not sure why - but I also can reproduce this. 
> > > > 
> > > > It seems like having `foreman_templates` on your list of plugins is 
> > > > what's 
> > > > causing this. I don't really know why yet but I don't get the error 
> > > > without 
> > > > that plugin, and I get it the moment I put it in bundler.d 
> > > > 
> > > 
> > > I know I haven't updated templates for this: 
> https://groups.google.com/d/ 
> > > topic/foreman-dev/MFW1bAj-eFk/discussion (hit that myself last night). 
> Not 
> > > the same error, but possibly related. I'll push that change to 
> > > templates/develop today and hopefully it'll help. 
> > > 
> > 
> > Thank you, that was it. foreman_chef wasn't updated for that. 
> > 
> > 
> > - Stephen 
>
> Well, sort of.  Now none of the menus, dropdowns etc work.  There's plenty 
> of errors in the JS console like this: 
>
>   ReferenceError: $ is not defined editable_form.self.js:5:5 
>   ReferenceError: jQuery is not defined 
>
> I've tried cleaning out the node_modules dir and reinstalled, and trying 
> webpack:compile with the server off, and it doesn't help. 
>
>
> - Stephen 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.