Hi,
that is a good point which I should document in Wiki:
-In order not loosing the overview about the rights use granulating only
if it is useful for the user/admin.
-WebYaST rights and YaST-DBUS rights has to be identically in order
keeping the overview.
-Use rights for special values/tasks only if we can provide this single
information
in one request only. e.g. GET <machine>language/second_language.xml
- If the YaST-DBUS interface supports this granulation and WebYaST does not
we will have to "summarize" rights.
For example the language module has only one GET/PUT request:
GET <machine>/language.xml
This returns the *complete* language information like
current
utf8
rootlocale
...
..
.
So it makes no sense for the admin who has to set the concerning rights
setting
each single language right for each user. He only wants to set that the
user has
read or write access.
We can solve this by using structured name:
org.opensuse.yast.modules.yapi.language.getlanguages
org.opensuse.yast.modules.yapi.language.getcurrentlanguage
org.opensuse.yast.modules.yapi.language.isutf8
org.opensuse.yast.modules.yapi.language.getrootlang
org.opensuse.yast.modules.yapi.language.setcurrentlanguage
org.opensuse.yast.modules.yapi.language.setutf8
org.opensuse.yast.modules.yapi.language.setrootlang
Should become:
org.opensuse.yast.modules.yapi.language.get-languages
org.opensuse.yast.modules.yapi.language.get-currentlanguage
org.opensuse.yast.modules.yapi.language.get-utf8
org.opensuse.yast.modules.yapi.language.get-rootlang
org.opensuse.yast.modules.yapi.language.set-currentlanguage
org.opensuse.yast.modules.yapi.language.set-utf8
org.opensuse.yast.modules.yapi.language.set-rootlang
So we are able to generate a tree structure of the rights like
get
-languages
-currentlanguage
-utf8
-rootlang
set
-currentlanguage
-utf8
-rootlang
Which can be shown in the UI and the admin has to select the root branch
"get" or "set" only in order to change the permission for all "child"
rights.
This will be handled by the permission rest-service of WebYaST.
Any other thoughts or possibilities ?
Greetings
Stefan
Josef Reidinger schrieb:
During developing my webyast modules I find, that using dbus and my YaPI
quite increase amount of webyast policykit permissions. Is there any
policy how detailed should be that permissions? E.g. if I have language
module and for each expected features (language, utf8 and root locale)
has getter and setter and getter for language list in YaPI it is 7
permissions in policy-kit. So I can change it to one read/write YaPI (
only 2 permissions) call or let it for each configuration option.
josef
--
*******************************************************************************
Stefan Schubert
SUSE LINUX GmbH - Maxfeldstrasse 5 - D-90409 Nuernberg, Germany
e-mail: [email protected]
-------------------------------------------------------------------------------
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
