Any Context menu permissions

Andrew_Schofield · January 13, 2016, 1:26am

Folks,

I'm not much of a developer (and rails is pretty new to me), but I've been
doing a lot with Satellite for a year or so now. This is my first foray
into potential developer land so to say. So I was going to raise the
following issue into the issue tracker and submit a pull request but I
thought that it being my first and all that I would run it by this audience
first:

I think that the Any Context drop down menu for location / organization
setting should be modified:

allow non admin users to be able to clear their location / organization -
this is a valid thing to be able to do
allow the 'manage locations' / 'manage organizations' links on the menu
to be granted for the view_locations / view_organizations permissions as
this link ultimately links to the index page (currently this link is
visible to users with create_* permissions only).

These are defined in _location_dropdown.html.erb and
_organization_dropdown.html.erb files

Any comments / thoughts / views etc?

Thanks,
Andrew

dLobatog · January 13, 2016, 9:08am

> Folks,
>
> I'm not much of a developer (and rails is pretty new to me), but I've been
> doing a lot with Satellite for a year or so now. This is my first foray
> into potential developer land so to say. So I was going to raise the
> following issue into the issue tracker and submit a pull request but I
> thought that it being my first and all that I would run it by this audience
> first:
>
> I think that the Any Context drop down menu for location / organization
> setting should be modified:
>
> - allow non admin users to be able to clear their location / organization -
> this is a valid thing to be able to do

This one sounds fair, but make sure things without organization/location
are not shown to users when they set Any location/Any organization.
Non-admin users should see all objects scoped by these two.

> - allow the 'manage locations' / 'manage organizations' links on the menu
> to be granted for the view_locations / view_organizations permissions as
> this link ultimately links to the index page (currently this link is
> visible to users with create_* permissions only).

Good point, index should be visible when you have view permissions. I'd
say it's kind of useless if you don't have edit/destroy permissions for
taxonomies. What's the use case?

Thanks!

···

On 01/12, Andrew Schofield wrote:

–
Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

Andrew_Schofield · January 14, 2016, 3:30am

>
> > Folks,
> >
> > I'm not much of a developer (and rails is pretty new to me), but I've
> been
> > doing a lot with Satellite for a year or so now. This is my first foray
> > into potential developer land so to say. So I was going to raise the
> > following issue into the issue tracker and submit a pull request but I
> > thought that it being my first and all that I would run it by this
> audience
> > first:
> >
> > I think that the Any Context drop down menu for location / organization
> > setting should be modified:
> >
> > - allow non admin users to be able to clear their location /
> organization -
> > this is a valid thing to be able to do
>
> This one sounds fair, but make sure things without organization/location
> are not shown to users when they set Any location/Any organization.
> Non-admin users should see all objects scoped by these two.
>

Yup, this is the default view and you are a non admin and assigned to
multiple locations. By default you have 'Any Location' switching to a
location means you can't unset it (just switch to a new location).

> > - allow the 'manage locations' / 'manage organizations' links on the
> menu
> > to be granted for the view_locations / view_organizations permissions as
> > this link ultimately links to the index page (currently this link is
> > visible to users with create_* permissions only).
>
> Good point, index should be visible when you have view permissions. I'd
> say it's kind of useless if you don't have edit/destroy permissions for
> taxonomies. What's the use case?
>

Manage Locations / Manage Orgs is currently (as a non admin) available
via Settings -> Locations / Settings -> Organizations only admin sees it
under the Any Context menu (wrong if for no other reason than consistency!
We use view_locations (so a user can view the locations) and then assign
the user view_params (now that this exists!), edit_params and create_params
so admins in charge of specific locations (countries and cities in our
case) can override the defaults supplied at the regional level (where we
don't give access). We nest the locations as follows:

I'll raise this in the system.

Thanks,
Andrew

···

On Wednesday, 13 January 2016 04:08:47 UTC-5, Daniel Lobato wrote: > On 01/12, Andrew Schofield wrote:

Andrew_Schofield · January 18, 2016, 11:51pm

Folks - I've submitted my first ever pull request -

github.com/theforeman/foreman

fixes #13265 - Any Context menu permissions

theforeman:develop ← aaschofield:13265_any_context_menu_permissions

opened 11:44PM - 18 Jan 16 UTC

aaschofield

+6 -10

modify the Any Context drop down menu for location / organization to: - allow no…n admin users to be able to clear their location / organization - allow the 'manage locations' / 'manage organizations' links on the menu to be granted for the view_locations / view_organizations permissions as this link ultimately links to the index page (currently this link is visible to users with create_\* permissions only).

I think I might need adding to the CI whitelist?

Let me know if I need to do anything else.

Thanks,
Andrew

···

On Wednesday, January 13, 2016 at 10:31:00 PM UTC-5, Andrew Schofield wrote: > > > > On Wednesday, 13 January 2016 04:08:47 UTC-5, Daniel Lobato wrote: >> >> On 01/12, Andrew Schofield wrote: >> > Folks, >> > >> > I'm not much of a developer (and rails is pretty new to me), but I've >> been >> > doing a lot with Satellite for a year or so now. This is my first foray >> > into potential developer land so to say. So I was going to raise the >> > following issue into the issue tracker and submit a pull request but I >> > thought that it being my first and all that I would run it by this >> audience >> > first: >> > >> > I think that the Any Context drop down menu for location / organization >> > setting should be modified: >> > >> > - allow non admin users to be able to clear their location / >> organization - >> > this is a valid thing to be able to do >> >> This one sounds fair, but make sure things without organization/location >> are not shown to users when they set Any location/Any organization. >> Non-admin users should see all objects scoped by these two. >> > > Yup, this is the default view and you are a non admin and assigned to > multiple locations. By default you have 'Any Location' switching to a > location means you can't unset it (just switch to a new location). > > >> > - allow the 'manage locations' / 'manage organizations' links on the >> menu >> > to be granted for the view_locations / view_organizations permissions >> as >> > this link ultimately links to the index page (currently this link is >> > visible to users with create_* permissions only). >> >> Good point, index should be visible when you have view permissions. I'd >> say it's kind of useless if you don't have edit/destroy permissions for >> taxonomies. What's the use case? >> > > 1) Manage Locations / Manage Orgs is currently (as a non admin) available > via Settings -> Locations / Settings -> Organizations only admin sees it > under the Any Context menu (wrong if for no other reason than consistency! > 2) We use view_locations (so a user can view the locations) and then > assign the user view_params (now that this exists!), edit_params and > create_params so admins in charge of specific locations (countries and > cities in our case) can override the defaults supplied at the regional > level (where we don't give access). We nest the locations as follows: > > > >----> > > >----> > > I'll raise this in the system. > > Thanks, > Andrew >

Gwmngilfen · January 19, 2016, 10:07am

> Folks - I've submitted my first ever pull request -
> https://github.com/theforeman/foreman/pull/3090
>

Congrats

> I think I might need adding to the CI whitelist?
>

Not quite yet - but keep up the contributions and you'll get added
eventually. It's there so that new contributors can have their code given a
quick look-over before tests are run (you never know when someone will send
the equivalent of rm -rf /).

For now, there's plenty of people around who can kick off tests for you. I
don't actually see a mention of the whitelist and how it works in our
handbook[1] so I'll try to fix that.

Let me know if I need to do anything else.
>

You're all good, I see the tests running at the moment, thanks to @mmoll.
Hope they pass

Greg

[1]Foreman :: Contribute

···

On 18 January 2016 at 23:51, Andrew Schofield wrote:

Andrew_Schofield · January 20, 2016, 3:45am

>
>
>> Folks - I've submitted my first ever pull request -
>> fixes #13265 - Any Context menu permissions by aaschofield · Pull Request #3090 · theforeman/foreman · GitHub
>>
>
> Congrats
>
>
>> I think I might need adding to the CI whitelist?
>>
>
> Not quite yet - but keep up the contributions and you'll get added
> eventually. It's there so that new contributors can have their code given a
> quick look-over before tests are run (you never know when someone will send
> the equivalent of rm -rf /).
>

Darn, you saw it

>
> For now, there's plenty of people around who can kick off tests for you. I
> don't actually see a mention of the whitelist and how it works in our
> handbook[1] so I'll try to fix that.
>

Thanks - I was missing the how it works bit.

···

On Tuesday, January 19, 2016 at 5:07:28 AM UTC-5, Greg Sutcliffe wrote: > On 18 January 2016 at 23:51, Andrew Schofield > wrote:

Let me know if I need to do anything else.

You’re all good, I see the tests running at the moment, thanks to @mmoll.
Hope they pass

Greg

[1]Foreman :: Contribute