Scott Seago
2008-Apr-23 19:04 UTC
[Ovirt-devel] [Patch] refactor permissions to reflect new roles/permission levels
This refactors the permissions model to support the latest permissions/roles design. The prior code handled privileges independently -- so an administrator would need to be granted each privilege separately. The new model grants roles to users, currently "Super Admin", "Administrator", "User", and "Monitor". Each role then has several associated privileges (Super Admin gets all of them, Monitor only gets to view objects, etc.) So the user permissions code (where users are granted access) works on the Roles -- but the permissions checks are by privilege. Currently the role-privilege mapping is maintained in the Permission class code, rather than in the DB. If necessary, this could later be moved into the database (if, for example, we wanted to make it configurable, etc.) Scott -------------- next part -------------- A non-text attachment was scrubbed... Name: permissions-refactoring.patch Type: text/x-patch Size: 29645 bytes Desc: not available URL: <http://listman.redhat.com/archives/ovirt-devel/attachments/20080423/de797257/attachment.bin>