Foreman plugin permissions

In foreman_scc_manager plugin, we are currently working on the permissions because we want to have a viewer role which can be used to just view and use the SCC manager without add/edit/delete an account.

Currently, I’m able to see the “scc index” page but there is no entry in the list (even if there is a account configured).

What do I need to do to allow a user (with viewer role) to access rails model? Currently, the user is able to view the “index” page but the index page is empty because the rails model doesn’t return any data.

Permissions for Foreman models should follow this scheme:

"#{controller_action}_#{model_name.pluralized}",
e.g. view_architectures.

You can check that fairly easily:

Architecture.new.permission_name(:view)
=> "view_architectures"

For this to work a permission has to exist in the database. The permission can be set in engine.rb.

The permission that is defined there is called view_scc. So Foreman expects a model Scc to exist.
If you rename the permissions in engine.rb (and possibly clean up the old ones with a migration), you should be good to go.

2 Likes