Actions
Story #7160
closedAs a user, I can read all AccessPolicies in affect for my Pulp system
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 79
Quarter:
Description
This is available with a call like GET example.com/pulp/api/v3/access_policy/
Actions
Role Based Access Control
This PR adds in user-manageable Access Policies rooted at the
/pulp/api/v3/access_policies/
endpint. This deifnes both statements of the policy as well as what permissions should be created for new objects.The
/pulp/api/v3/tasks/
endpoint is now protected by an AccessPolicy which by default provides user-isolation. This effectively limits a non-admin user to only view their own tasks.Plugins writers can enable role base access control easily using the
pulpcore.plugin.models.AccessPolicyFromDB
object and declaring with thepermission_classes
attribute.Plugin writers can use the
pulpcore.plugin.models.AutoAddObjPermsMixin
which provides user-configurable ways to create permissions for new objects. This includes three methodsobject_creator
,add_for_users
, andadd_for_groups
.Plugin writers can use the
pulpcore.plugin.models.AutoDeleteObjPermsMixin
which provides auto-removal of object level permissions during object deletion.pulpcore.plugin.models.BaseModel
now usesdjango-lifecycle
allowing subcalsses to use it instead of signalsPlugin writers can easily provide queryset scoping on ViewSets that inherit from the
pulpcore.plugin.viewsets.NamedModelViewSet
by declaring thequeryset_filtering_required_permission
class attribute naming the permission required to view an object.closes #7160 closes #7210 closes #7151 closes #7157 closes #7158 closes #7300 closes #7301