Project

Profile

Help

Story #9411

closed

Story #9410: [EPIC] Roles for RBAC

Implement roles models and facilities for auto-assignment and queryset-filtering

Added by mdellweg about 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 109
Quarter:
Actions #1

Updated by mdellweg about 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to mdellweg
  • Sprint/Milestone set to 3.16.0
  • Sprint set to Sprint 105
Actions #2

Updated by pulpbot about 3 years ago

  • Status changed from ASSIGNED to POST
Actions #6

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 105 to Sprint 106
Actions #7

Updated by gerrod about 3 years ago

  • Sprint/Milestone changed from 3.16.0 to 3.17.0
Actions #8

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 106 to Sprint 107
Actions #10

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 107 to Sprint 108
Actions #11

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 108 to Sprint 109

Added by mdellweg about 3 years ago

Revision ab6225b6 | View on GitHub

Add Support for roles in RBAC

  • Add role models and role permission backend
  • Add support for roles in the access policy
  • Rename permission_assignment to creation_hooks
  • Make queryset filtering depend on the backend configuration
  • Add register for creation hooks
  • Add post migrate hook to manage locked roles defined by viewsets
  • Add rest interface for roles
  • Add endpoint for user roles and group roles
  • Refactor get_{users,groups}_with_perms for roles
  • Avoid circular imports with custom user model Custom user models may rely on importing pulpcore.app.models.

fixes #9413 fixes #9411

Actions #12

Updated by mdellweg about 3 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

Added by mdellweg almost 3 years ago

Revision 6a9bd138 | View on GitHub

Fix return value of get_all_permissions

Django's interface for get_all_permissions seems to not include the app_label in the permission strings if an obj is provided. We include them again in the my_permission endpoint, because that is the way we represent them to our users everywhere.

https://docs.djangoproject.com/en/3.2/ref/contrib/auth/#django.contrib.auth.models.User.get_all_permissions

re #9411

Actions #14

Updated by pulpbot almost 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF