Project

General

Profile

Actions

Feature #5537

closed

Menu/authorization: need alternative to rails controller centric authorization

Added by Walden Raines almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The methods authorized? and allowed_to should be less controller centric.

In bastion we only have one controller: https://github.com/Katello/katello/blob/master/engines/bastion/app/controllers/bastion/bastion_controller.rb. That controller simply renders html, js, and css which in turn powers the application.

We cannot show menu items based on permissions because the menu item authorization relies on there being a controller `entity` with an action `action`. We need some way to specify the entity and action without undue reliance on the existence of a rails controller.

One solution ehelms proposed was to "allow passing in a Proc to define a path or pass in 'url' if the user wants to".

References:

https://github.com/theforeman/foreman/blob/develop/app/services/menu/item.rb#L36
https://github.com/theforeman/foreman/blob/acfbc45886c4d81a2a3ca5af433a6124a0a7191a/app/models/role.rb#L79


Related issues 2 (0 open2 closed)

Blocks Katello - Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me.Closed04/16/2014Actions
Blocks Katello - Feature #5593: Fix menu so authorized items are displayed post single page app workClosedWalden Raines05/06/2014Actions
Actions #1

Updated by Walden Raines almost 10 years ago

  • Blocks Feature #5217: As a user, I should have CRUD permissions for all entities that are exposed to me. added
Actions #2

Updated by Anonymous almost 10 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Anonymous
Actions #3

Updated by Dominic Cleal almost 10 years ago

  • Target version set to 1.8.3
Actions #4

Updated by Walden Raines almost 10 years ago

  • Blocks Feature #5593: Fix menu so authorized items are displayed post single page app work added
Actions #5

Updated by Dominic Cleal almost 10 years ago

  • translation missing: en.field_release set to 10
Actions #6

Updated by Anonymous almost 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF