https://pulp.plan.io/https://pulp.plan.io/favicon.ico2021-11-16T19:36:20ZPulpContainer Support - Task #9572: Port the RBAC implementation to the pulpcore roles frameworkhttps://pulp.plan.io/issues/9572?journal_id=771702021-11-16T19:36:20Znewswangerd
<ul></ul><p>I've been thinking about this for galaxy_ng and I've come up with 3 potential solutions to this problem that we're considering.</p>
<p>Let's say I have group <code>foo</code> with model permissions for <code>create-bar</code> and <code>update-bar</code>.</p>
<ol>
<li>
<p>Create a role for each group that has the all of the permissions that the group used to have. In this scenario we'd, create role <code>group-foo</code>, assign <code>create-bar</code> and <code>update-bar</code> to the new role, and assign the new role to <code>foo</code>.</p>
</li>
<li>
<p>Create a role for each permission. In this scenario we'd create a role called <code>permission-create-bar</code> and <code>permission-update-bar</code> and assign both of the new roles to <code>foo</code>.</p>
</li>
<li>
<p>Attempt to match a group's permission matrix to a set of system roles. This would attempt to assign a system role that has permissions for <code>create-bar</code> and <code>update-bar</code> to <code>foo</code>.</p>
</li>
</ol>
<p>Each approach has it's advantages and disadvantages. 3 would provide the best user experience, but would be buggy, and potentially impossible to implement since system roles are only created in a post migration hook. 1 and 2 will both create a lot of annoying default roles that will make it difficult to search for roles that user's might actually care about. 2 would likely created fewer roles, but also bypasses the purpose of roles in the first place.</p> Container Support - Task #9572: Port the RBAC implementation to the pulpcore roles frameworkhttps://pulp.plan.io/issues/9572?journal_id=772862021-11-19T20:39:46Zrchan
<ul><li><strong>Sprint</strong> changed from <i>Sprint 109</i> to <i>Sprint 110</i></li></ul> Container Support - Task #9572: Port the RBAC implementation to the pulpcore roles frameworkhttps://pulp.plan.io/issues/9572?journal_id=775372021-12-03T22:00:58Zrchan
<ul><li><strong>Sprint</strong> changed from <i>Sprint 110</i> to <i>Sprint 111</i></li></ul> Container Support - Task #9572: Port the RBAC implementation to the pulpcore roles frameworkhttps://pulp.plan.io/issues/9572?journal_id=778862021-12-15T18:27:35Zpulpbot
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/77886/diff?detail_id=78365">diff</a>)</li><li><strong>Status</strong> changed from <i>NEW</i> to <i>CLOSED - DUPLICATE</i></li></ul>