Story #7151
closed
As a plugin writer, I can use django-lifecycle with all Pulp models
Status:
CLOSED - CURRENTRELEASE
- Status changed from NEW to ASSIGNED
- Assignee set to bmbouter
- Status changed from ASSIGNED to POST
- Sprint set to Sprint 79
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
- Sprint/Milestone set to 3.6.0
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Also available in: Atom
PDF
Role Based Access Control
This PR adds in user-manageable Access Policies rooted at the
/pulp/api/v3/access_policies/
endpint. This deifnes both statements of the policy as well as what permissions should be created for new objects.The
/pulp/api/v3/tasks/
endpoint is now protected by an AccessPolicy which by default provides user-isolation. This effectively limits a non-admin user to only view their own tasks.Plugins writers can enable role base access control easily using the
pulpcore.plugin.models.AccessPolicyFromDB
object and declaring with thepermission_classes
attribute.Plugin writers can use the
pulpcore.plugin.models.AutoAddObjPermsMixin
which provides user-configurable ways to create permissions for new objects. This includes three methodsobject_creator
,add_for_users
, andadd_for_groups
.Plugin writers can use the
pulpcore.plugin.models.AutoDeleteObjPermsMixin
which provides auto-removal of object level permissions during object deletion.pulpcore.plugin.models.BaseModel
now usesdjango-lifecycle
allowing subcalsses to use it instead of signalsPlugin writers can easily provide queryset scoping on ViewSets that inherit from the
pulpcore.plugin.viewsets.NamedModelViewSet
by declaring thequeryset_filtering_required_permission
class attribute naming the permission required to view an object.closes #7160 closes #7210 closes #7151 closes #7157 closes #7158 closes #7300 closes #7301